diff --git a/bin/site.py b/bin/site.py
index e823951..11b0da0 100644
--- a/bin/site.py
+++ b/bin/site.py
@@ -74,34 +74,25 @@ def write_bootloaders_csv(bootloaders, output_dir, VERBOSE):
-def write_top_products(bootloaders, output_dir, top_n=5):
- products_count = {}
-
+def write_top_os(bootloaders, output_dir, top_n=5):
+ os_count = {}
 for bootloader in bootloaders:
- for hash_info in bootloader['KnownVulnerableSamples']:
- product_name = hash_info['Product']
-
- if not product_name:
- continue
-
- product_name = product_name.strip().replace(',', '')
-
- if product_name.lower() == 'n/a' or product_name.isspace():
- continue
-
- if product_name not in products_count:
- products_count[product_name] = 0
-
- products_count[product_name] += 1
-
- sorted_products = sorted(products_count.items(), key=lambda x: x[1], reverse=True)[:top_n]
-
- with open(f"{output_dir}/content/bootloaders_top_{top_n}_products.csv", "w") as f:
+ command = bootloader.get('Commands')
+ if not command:
+ continue
+ os_name = command.get('OperatingSystem')
+ if not os_name or os_name.isspace() or os_name.lower() == 'n/a':
+ continue
+ os_name = os_name.strip().replace(',', '')
+ if os_name not in os_count:
+ os_count[os_name] = 0
+ os_count[os_name] += 1
+ sorted_os = sorted(os_count.items(), key=lambda x: x[1], reverse=True)[:top_n]
+ with open(f"{output_dir}/content/bootloaders_top_{top_n}_os.csv", "w") as f:
 writer = csv.writer(f)
-
- for product, count in sorted_products:
+ for os, count in sorted_os:
 for _ in range(count):
- writer.writerow([count, product])
+ writer.writerow([count, os])
 def write_top_publishers(bootloaders, output_dir, top_n=5):
 publishers_count = {}
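Review bot: In write_top_os the `n/a` test runs before `.strip()`, so a value such as `' N/A '` passes the filter and is counted as an operating system, whereas the removed write_top_products stripped first. Normalise before filtering: `os_name = (command.get('OperatingSystem') or '').strip().replace(',', '')` followed by `if not os_name or os_name.lower() == 'n/a': continue`. `command.get(...)` also assumes `Commands` is a mapping; if an entry can hold a list or a string there (the schema is not visible in this hunk), an `isinstance(command, dict)` guard would keep one malformed entry from aborting site generation. The loop variable in `for os, count in sorted_os:` shadows the standard-library module name; `os_name` would avoid surprises if this file imports `os`.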
@@ -191,8 +182,8 @@ def generate_doc_bootloaders(REPO_PATH, OUTPUT_DIR, TEMPLATE_PATH, messages, VER writer.writerow([link, sha256, bootloader['Category'].capitalize(), bootloader['Created']]) messages.append("site_gen.py wrote bootloaders table to: {0}".format(OUTPUT_DIR + '/content/bootloaders_table.csv')) - # write top 5 products - write_top_products(bootloaders, OUTPUT_DIR) + # write top 5 os + write_top_os(bootloaders, OUTPUT_DIR) messages.append("site_gen.py wrote bootloaders products to: {0}".format(OUTPUT_DIR + '/content/bootloaders_top_n_products.csv')) return bootloaders, messages diff --git a/bootloaders.io/content/_index.md b/bootloaders.io/content/_index.md index 7022604..aa59f4b 100644 --- a/bootloaders.io/content/_index.md +++ b/bootloaders.io/content/_index.md @@ -9,7 +9,7 @@ title = "bootloaders.io" title = "Bootkit List" [dataset2] - fileLink = "content/bootloaders_top_5_products.csv" + fileLink = "content/bootloaders_top_5_os.csv" colors = ["#ef7f1a", "#627c62", "#11819b", "#4e1154", "#a1c9a2", "#38a9d9", "#f9b34c", "#824da4", "#e0c7c2", "#c2c2a3", "#d6a994", "#f2c057"] # chart colors columnTitles = ["Count", "Name"] # optional if not table will be displayed from dataset baseChartOn = 2 # number of column the chart(s) and graph should be drawn from # can be overridden directly via shortcode parameter # it's therefore optional @@ -38,7 +38,7 @@ You can also access the malicious bootkit list via **API** using [CSV](api/bootl {{< column "mt-4">}} -# Top OS +# Top Architecture {{% chart "dataset2" "pie" %}} diff --git a/bootloaders.io/content/api/bootloaders.json b/bootloaders.io/content/api/bootloaders.json index bae1b9c..f3138fa 100644 --- a/bootloaders.io/content/api/bootloaders.json +++ b/bootloaders.io/content/api/bootloaders.json @@ -45,7 +45,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
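Review bot: The unchanged `messages.append(...)` line directly after the new `write_top_os(bootloaders, OUTPUT_DIR)` call still reports "bootloaders products" and the path `bootloaders_top_n_products.csv`, which this function no longer writes. The build log would then point at the wrong artefact; bring it in line with the new output, e.g. `messages.append("site_gen.py wrote bootloaders top OS to: {0}".format(OUTPUT_DIR + '/content/bootloaders_top_5_os.csv'))`. generate_doc_bootloaders starts outside this hunk, so any other references to the old file name there are not visible here.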
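Review bot: The heading above `{{% chart "dataset2" "pie" %}}` in `_index.md` becomes `# Top Architecture`, yet the same commit repoints `dataset2` to `content/bootloaders_top_5_os.csv`, so the operating-system pie chart would be labelled as architectures. Unless a column outside this hunk explains the rename, keep `# Top OS` for this chart.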
@@ -110,7 +112,9 @@ "FileVersion": "6.3.9600.18515 (winblue_ltsb.161012-0600)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "fe08109ce34ae68fed49348549b9ead1", "MachineType": "I386", 
@@ -128,67 +132,67 @@ "SHA1": "7fb211ce3088f2e657c72dcc80574310becde3e7", "SHA256": "d8732eb8bd7240f17d90656424aabc0669c3d13e3117efc4805bb59dd21ceb1d", "Sections": { - ".text": { - "Entropy": 6.63561700395366, - "Virtual Size": "0x130364" - }, ".data": { "Entropy": 6.142173903791614, "Virtual Size": "0x5c7f0" }, + ".reloc": { + "Entropy": 6.764151324597371, + "Virtual Size": "0x5d40" + }, ".rsrc": { "Entropy": 3.4721353846875296, "Virtual Size": "0xfd30" }, - ".reloc": { - "Entropy": 6.764151324597371, - "Virtual Size": "0x5d40" + ".text": { + "Entropy": 6.63561700395366, + "Virtual Size": "0x130364" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2015-08-18 17:15:28", - "ValidTo": "2016-11-18 17:15:28", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", "SHA1": "833498af9a41da339c83e0d384b521f72d053331", "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" - } + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", 
- "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -244,7 +248,9 @@ "FileVersion": "6.2.9200.16384 (win8_rtm.120725-1247)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "87b6d22295a16073d8d456fc574441a8", "MachineType": "AMD64", @@ -262,22 +268,6 @@ "SHA1": "0c26596b3297d5e5a06f8d3788579edc7895a622", "SHA256": "783d088ce72996a064c0da796579475e0aef23c5e6e0e5905c98571bf8620e20", "Sections": { - ".text": { - "Entropy": 6.4845800528218485, - "Virtual Size": "0x109ee2" - }, - "PAGER32C": { - "Entropy": 6.353527581631879, - "Virtual Size": "0x3d48" - }, - "PAGE": { - "Entropy": 6.510073701345747, - "Virtual Size": "0x169e" - }, - ".rdata": { - "Entropy": 5.41880175126111, - "Virtual Size": "0x19b44" - }, ".data": { "Entropy": 4.629726747704923, "Virtual Size": "0x63cf0" 
@@ -286,63 +276,79 @@ "Entropy": 6.004535487649427, "Virtual Size": "0x8e80" }, - "PAGER32R": { - "Entropy": 7.631412897966042, - "Virtual Size": "0x380" + ".rdata": { + "Entropy": 5.41880175126111, + "Virtual Size": "0x19b44" + }, + ".reloc": { + "Entropy": 2.706444085925694, + "Virtual Size": "0x1ab4" }, ".rsrc": { "Entropy": 3.47076835529837, "Virtual Size": "0xfcf4" }, - ".reloc": { - "Entropy": 2.706444085925694, - "Virtual Size": "0x1ab4" + ".text": { + "Entropy": 6.4845800528218485, + "Virtual Size": "0x109ee2" + }, + "PAGE": { + "Entropy": 6.510073701345747, + "Virtual Size": "0x169e" + }, + "PAGER32C": { + "Entropy": 6.353527581631879, + "Virtual Size": "0x3d48" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2012-04-09 20:55:50", - "ValidTo": "2013-07-09 20:55:50", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "610bbbd8000000000005", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "158438012e4dcd69b27b762c9358cfa2", "SHA1": "684ac167849404a4101f166b759f291a43d5f749", "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" - } + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": 
"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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "610bbbd8000000000005", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -396,7 +402,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -466,7 +474,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -531,7 +541,9 @@ "FileVersion": "6.4.9857.0 (fbl_kpg_kernel(dedesa).140630-1750)", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "9962f9fb820e5d7f5a31b86b9d164d33", "MachineType": "AMD64", 
@@ -549,22 +561,6 @@ "SHA1": "84376651061fc88774ec945b9062c112139c883e", "SHA256": "f6208932ed98aa64f5ec0d9f59138d4c1dddbd82437315aac4aa913e5d4f825e", "Sections": { - ".text": { - "Entropy": 6.473097220302679, - "Virtual Size": "0x14b976" - }, - "PAGER32C": { - "Entropy": 6.319009763281622, - "Virtual Size": "0x2e69" - }, - "PAGE": { - "Entropy": 6.536008053813184, - "Virtual Size": "0x16b9" - }, - ".rdata": { - "Entropy": 5.3663917464862045, - "Virtual Size": "0x23014" - }, ".data": { "Entropy": 4.5467853172101345, "Virtual Size": "0x62140" 
@@ -573,59 +569,75 @@ "Entropy": 6.062316800180466, "Virtual Size": "0xa7c4" }, - ".rsrc": { - "Entropy": 3.4613409021077035, - "Virtual Size": "0xfc40" + ".rdata": { + "Entropy": 5.3663917464862045, + "Virtual Size": "0x23014" }, ".reloc": { "Entropy": 5.434784212443644, "Virtual Size": "0x9a0" + }, + ".rsrc": { + "Entropy": 3.4613409021077035, + "Virtual Size": "0xfc40" + }, + ".text": { + "Entropy": 6.473097220302679, + "Virtual Size": "0x14b976" + }, + "PAGE": { + "Entropy": 6.536008053813184, + "Virtual Size": "0x16b9" + }, + "PAGER32C": { + "Entropy": 6.319009763281622, + "Virtual Size": "0x2e69" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2014-07-01 20:32:01", - "ValidTo": "2015-10-01 20:32:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "9da610547a25cbe89af7ecdb99229623", "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" - } + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": 
"61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -686,7 +698,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -749,7 +763,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -812,7 +828,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -875,7 +893,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "miniloader.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -938,7 +958,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -1001,7 +1023,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -1071,7 +1095,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -1134,7 +1160,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -1206,7 +1234,9 @@ "FileVersion": "", "Filename": "bootnetx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "41218ac4af41772dbaa3d4738e0c2bf3", "MachineType": "AMD64", 
@@ -1224,83 +1254,83 @@ "SHA1": "4d7caebdafbc4bb3866676173dace618baa6a129", "SHA256": "aef3e0a113345c1adca2d627c5853a11ddfc4e0e07fd28c10049a9b766c0fbc5", "Sections": { - "/4": { - "Entropy": 4.844299269362631, - "Virtual Size": "0x18118" - }, - ".text": { - "Entropy": 5.625262326816911, - "Virtual Size": "0x91828" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.423207936399988, "Virtual Size": "0x28828" }, - "/14": { - "Entropy": 7.405693653367437, - "Virtual Size": "0x3b3" - }, ".dynamic": { "Entropy": 0.8341231672694769, "Virtual Size": "0xf0" }, + ".dynsym": { + "Entropy": 3.210346535035395, + "Virtual Size": "0xea78" + }, ".rela": { "Entropy": 2.6464824623251326, "Virtual Size": "0x1ae50" }, - ".dynsym": { - "Entropy": 3.210346535035395, - "Virtual Size": "0xea78" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.625262326816911, + "Virtual Size": "0x91828" + }, + "/14": { + "Entropy": 7.405693653367437, + "Virtual Size": "0x3b3" + }, + "/4": { + "Entropy": 4.844299269362631, + "Virtual Size": "0x18118" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2016-11-17 22:05:37", - "ValidTo": "2018-02-17 22:05:37", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000001e0d8474951a966ce400010000001e", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "b6f099bf203668f11a8f79ab08792ed8", "SHA1": 
"4713755a345940554eada6042e90b0151591fad6", "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" - } + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000001e0d8474951a966ce400010000001e", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -1354,7 +1384,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -1417,7 +1449,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -1480,7 +1514,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -1543,7 +1579,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -1606,7 +1644,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -1669,7 +1709,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -1739,7 +1781,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "shim-sles.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -1809,7 +1853,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -1872,7 +1918,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -1937,7 +1985,9 @@ "FileVersion": "6.2.9200.22004 (win8_ldr.161005-0600)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "a168299b9ced4e289f438408b6a047b6", "MachineType": "I386", 
@@ -1955,83 +2005,83 @@ "SHA1": "cd0498821da3074abf0b1c44819f1bd2f3a13355", "SHA256": "90ea447ccfdcd9771de40de9721d0256d6d8a30d68963e82485c2e92b7eb5257", "Sections": { + ".data": { + "Entropy": 6.169217945416925, + "Virtual Size": "0x55ef0" + }, + ".rdata": { + "Entropy": 5.377951519517065, + "Virtual Size": "0x122af" + }, + ".reloc": { + "Entropy": 6.114816268597115, + "Virtual Size": "0x61f4" + }, + ".rsrc": { + "Entropy": 3.4717263860040073, + "Virtual Size": "0xfd14" + }, ".text": { "Entropy": 6.640808824960342, "Virtual Size": "0xdd886" }, - "PAGER32C": { - "Entropy": 6.570088920256996, - "Virtual Size": "0x4805" - }, "PAGE": { "Entropy": 6.507290228990708, "Virtual Size": "0x12ab" }, - ".rdata": { - "Entropy": 5.377951519517065, - "Virtual Size": "0x122af" - }, - ".data": { - "Entropy": 6.169217945416925, - "Virtual Size": "0x55ef0" + "PAGER32C": { + "Entropy": 6.570088920256996, + "Virtual Size": "0x4805" }, "PAGER32R": { "Entropy": 7.631412897966042, "Virtual Size": "0x380" - }, - ".rsrc": { - "Entropy": 3.4717263860040073, - "Virtual Size": "0xfd14" - }, - ".reloc": { - "Entropy": 6.114816268597115, - "Virtual Size": "0x61f4" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2015-08-18 17:15:28", - "ValidTo": "2016-11-18 17:15:28", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", "SHA1": "833498af9a41da339c83e0d384b521f72d053331", "SHA256": 
"1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" - } + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -2092,7 +2142,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -2162,7 +2214,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -2232,7 +2286,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -2304,7 +2360,9 @@ "FileVersion": "", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "abd377408acc02ee7f2f16320ee9b49a", "MachineType": "AMD64", 
@@ -2322,83 +2380,83 @@ "SHA1": "b72252c1c92cac65c4a4637816b0a84428d16681", "SHA256": "475552c7476ad45e42344eee8b30d44c264d200ac2468428aa86fc8795fb6e34", "Sections": { - "/4": { - "Entropy": 4.847040002303806, - "Virtual Size": "0x16340" - }, - ".text": { - "Entropy": 5.592334908546112, - "Virtual Size": "0xa00a2" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.509189904315613, "Virtual Size": "0x2d958" }, - "/14": { - "Entropy": 7.133596117970691, - "Virtual Size": "0x4ac" - }, ".dynamic": { "Entropy": 0.8424565006028102, "Virtual Size": "0xf0" }, + ".dynsym": { + "Entropy": 3.211335054777265, + "Virtual Size": "0xe340" + }, ".rela": { "Entropy": 2.602058791274868, "Virtual Size": "0x29598" }, - ".dynsym": { - "Entropy": 3.211335054777265, - "Virtual Size": "0xe340" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.592334908546112, + "Virtual Size": "0xa00a2" + }, + "/14": { + "Entropy": 7.133596117970691, + "Virtual Size": "0x4ac" + }, + "/4": { + "Entropy": 4.847040002303806, + "Virtual Size": "0x16340" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2014-10-01 18:02:10", - "ValidTo": "2016-01-01 18:02:10", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "3300000010a4912943d94ce62e000100000010", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "61509fd4e01160eb7d8007dc182bee5b", "SHA1": 
"febd34ec96d90e498d9b6fa54d7fab80ce1464d3", "SHA256": "7d79e52d96bc7c571299d90c3bc4bff9d08e36eb74b7e8b0cd69114980737953" - } + }, + "ValidFrom": "2014-10-01 18:02:10", + "ValidTo": "2016-01-01 18:02:10", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "3300000010a4912943d94ce62e000100000010", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000010a4912943d94ce62e000100000010", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -2459,7 +2517,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -2522,7 +2582,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", 
@@ -2587,7 +2649,9 @@ "FileVersion": "6.3.9600.20396 (winblue_ltsb_escrow.220602-1730)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "a442859fd33fbf61ed0ea28bbf33bdbb", "MachineType": "AMD64", @@ -2605,10 +2669,6 @@ "SHA1": "a1aee57f1fd4a6768950f74dfb2e2a97853d4733", "SHA256": "c9f47991e981394076050cb8b5cddfcbf9fb01b6d7272b9079082e20e4875cc8", "Sections": { - ".text": { - "Entropy": 6.495613960484225, - "Virtual Size": "0x16dbe4" - }, ".data": { "Entropy": 5.414037738822692, "Virtual Size": "0x6c830" 
@@ -2617,59 +2677,63 @@ "Entropy": 6.09109331005081, "Virtual Size": "0xa71c" }, + ".reloc": { + "Entropy": 5.408865957224927, + "Virtual Size": "0x998" + }, ".rsrc": { "Entropy": 3.472348575968224, "Virtual Size": "0xfd40" }, - ".reloc": { - "Entropy": 5.408865957224927, - "Virtual Size": "0x998" + ".text": { + "Entropy": 6.495613960484225, + "Virtual Size": "0x16dbe4" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2021-09-02 18:23:41", - "ValidTo": "2022-09-01 18:23:41", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "46f57c3b860b08484cb79066ac1014ad", "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" - } + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } 
@@ -2725,7 +2789,9 @@ "FileVersion": "6.3.9600.20772 (winblue_ltsb_escrow.221214-1721)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "3827b6fa1f4022001328be9d79e33b18", "MachineType": "AMD64", @@ -2743,10 +2809,6 @@ "SHA1": "3b0ef33281ba05d9d9259b1fd44bf5d43e5187a4", "SHA256": "3927727eb2435b28d2cf0ce1757e72ce3e92a86362b87120040c744c1c08bce9", "Sections": { - ".text": { - "Entropy": 6.493463299563896, - "Virtual Size": "0x16e004" - }, ".data": { "Entropy": 5.4138887164260945, "Virtual Size": "0x6c850" 
@@ -2755,59 +2817,63 @@ "Entropy": 6.087141441925473, "Virtual Size": "0xa740" }, + ".reloc": { + "Entropy": 5.408759919158508, + "Virtual Size": "0x998" + }, ".rsrc": { "Entropy": 3.472769777929499, "Virtual Size": "0xfd40" }, - ".reloc": { - "Entropy": 5.408759919158508, - "Virtual Size": "0x998" + ".text": { + "Entropy": 6.493463299563896, + "Virtual Size": "0x16e004" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2022-05-05 19:23:15", - "ValidTo": "2023-05-04 19:23:15", - "Signature": "7aa4402e28e909a6f7ff198a87c8f546fd868da5adf65529e8ced9b8ff16f56d03704671b64454a21437cdc6b47d83ea130e55b30ed223fda526676f6034a0d649e924cdf96d3c26386378d2ab91da329e3ddecbfe21c7f32764df6409a7f82f67c90ab5d9d7c167376487b3579fc1d99201098d2124f91f6558fb03285a49159fcc6d6ff6f8bbbc51f5209689963bebbc504c08089fa7c13e3bbae4f3c77a3a083548f8c95a1504b66fd5cfa658f9353ca231fd085e94f9bdb9bf68e302cae1bb6d483f97b5d4a2d26486fcab72ebe5fd0b555066edd3d894531f836130e309ccf4e98d1b44950efb0812a2190d4b0df3c5bf7ee8123a1d57410cd797dc0ccf", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000038db0bfe1b0ca33b3d400000000038d", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "74a1035aa6d38ec0a7a35a6d143cc612", "SHA1": "62c5627f7d38759edce84eace5ae41fc7a54d6f8", "SHA256": "b6319137740477c564fb2beb1d50929a333f092aa362ce5129085a2c9d4bf489" - } + }, + "ValidFrom": "2022-05-05 19:23:15", + "ValidTo": "2023-05-04 19:23:15", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - 
"ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000038db0bfe1b0ca33b3d400000000038d", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": 
"330000038db0bfe1b0ca33b3d400000000038d", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -2870,7 +2936,9 @@ "FileVersion": "", "Filename": "BOOTX64.EFI", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "d984cf8612284adc59b3b73deccb777f", "MachineType": "AMD64", 
@@ -2888,87 +2956,87 @@ "SHA1": "61ce3d65bef674357febe866d4e922373f809219", "SHA256": "24558c1cb417b6387e2406c70ff13f5438506e8d7560dd7b226499c872c8076f", "Sections": { - "/4": { - "Entropy": 4.865324642604779, - "Virtual Size": "0x189f0" + ".data": { + "Entropy": 4.539674359844269, + "Virtual Size": "0x2ba58" }, - ".text": { - "Entropy": 5.645691672093194, - "Virtual Size": "0x9777e" + ".dynamic": { + "Entropy": 0.8226444693437958, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.205605133391943, + "Virtual Size": "0xdd28" + }, + ".rela": { + "Entropy": 2.6539709907526596, + "Virtual Size": "0x1b0d8" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.645691672093194, + "Virtual Size": "0x9777e" + }, "/14": { "Entropy": 4.946577948119573, "Virtual Size": "0x62" }, - ".data": { - "Entropy": 4.539674359844269, - "Virtual Size": "0x2ba58" - }, "/26": { "Entropy": 7.473113877861932, "Virtual Size": "0x389" }, - ".dynamic": { - "Entropy": 0.8226444693437958, - "Virtual Size": "0xf0" - }, - ".rela": { - "Entropy": 2.6539709907526596, - "Virtual Size": "0x1b0d8" - }, - ".dynsym": { - "Entropy": 3.205605133391943, - "Virtual Size": "0xdd28" + "/4": { + "Entropy": 4.865324642604779, + "Virtual Size": "0x189f0" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2018-07-03 20:53:01", - "ValidTo": "2019-07-26 20:53:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002b4b79b3694d12118700010000002b", - "Version": 3, + "Signature": 
"54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "8d8a1f204c9c80213bd427fa58b387e2", "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" - } + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -3029,7 +3097,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -3094,7 +3164,9 @@ "FileVersion": "6.4.9840.0 (fbl_sec_oss3(dlinsley).140616-1123)", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "9ea079774ed23df340ecc523ddf68045", "MachineType": "AMD64", @@ -3112,22 +3184,6 @@ "SHA1": "34e4cbad02d8dd38e88bc3ab0b2dc47e91b9c02f", "SHA256": "71083eb4f247ac78f52aa09f81054396a0dac1064e1191b5b56a43a6976c5c74", "Sections": { - ".text": { - "Entropy": 6.471130112924717, - "Virtual Size": "0x14af76" - }, - "PAGER32C": { - "Entropy": 6.320430943959415, - "Virtual Size": "0x2e69" - }, - "PAGE": { - "Entropy": 6.5423108965051275, - "Virtual Size": "0x16bb" - }, - ".rdata": { - "Entropy": 5.474744858697431, - "Virtual Size": "0x22024" - }, ".data": { "Entropy": 4.542679524584936, "Virtual Size": "0x620c0" 
@@ -3136,59 +3192,75 @@ "Entropy": 6.100559280267619, "Virtual Size": "0xa7c4" }, - ".rsrc": { - "Entropy": 3.46970412781484, - "Virtual Size": "0xfce8" + ".rdata": { + "Entropy": 5.474744858697431, + "Virtual Size": "0x22024" }, ".reloc": { "Entropy": 5.4333959598080055, "Virtual Size": "0x99c" + }, + ".rsrc": { + "Entropy": 3.46970412781484, + "Virtual Size": "0xfce8" + }, + ".text": { + "Entropy": 6.471130112924717, + "Virtual Size": "0x14af76" + }, + "PAGE": { + "Entropy": 6.5423108965051275, + "Virtual Size": "0x16bb" + }, + "PAGER32C": { + "Entropy": 6.320430943959415, + "Virtual Size": "0x2e69" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2014-07-01 20:32:01", - "ValidTo": "2015-10-01 20:32:01", - "Signature": "8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", - "Version": 3, + "Signature": 
"8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "9da610547a25cbe89af7ecdb99229623", "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" - } + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Version": 1 } - ] + ], + 
"SignerInfo": "" } ] } @@ -3251,7 +3323,9 @@ "FileVersion": "", "Filename": "BOOTx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "16e6180b7edfa353678a459079afa5db", "MachineType": "AMD64", 
@@ -3269,87 +3343,87 @@ "SHA1": "a9874a4b39d64c5116a663883834c2e789b87f99", "SHA256": "50484376441815f7f85aa294290a9b6072a6a9e8feae79447c5c4de855c5a3d3", "Sections": { - "/4": { - "Entropy": 4.84610218490152, - "Virtual Size": "0x18860" + ".data": { + "Entropy": 4.47065286455017, + "Virtual Size": "0x29938" }, - ".text": { - "Entropy": 5.6427037826640545, - "Virtual Size": "0x955b3" + ".dynamic": { + "Entropy": 0.8257898339361436, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2089463615530573, + "Virtual Size": "0xdbd8" + }, + ".rela": { + "Entropy": 2.6492203474275433, + "Virtual Size": "0x1aee0" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.6427037826640545, + "Virtual Size": "0x955b3" + }, "/14": { "Entropy": 5.2339069016332305, "Virtual Size": "0xc9" }, - ".data": { - "Entropy": 4.47065286455017, - "Virtual Size": "0x29938" - }, "/26": { "Entropy": 7.287209418645642, "Virtual Size": "0x415" }, - ".dynamic": { - "Entropy": 0.8257898339361436, - "Virtual Size": "0xf0" - }, - ".rela": { - "Entropy": 2.6492203474275433, - "Virtual Size": "0x1aee0" - }, - ".dynsym": { - "Entropy": 3.2089463615530573, - "Virtual Size": "0xdbd8" + "/4": { + "Entropy": 4.84610218490152, + "Virtual Size": "0x18860" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2017-08-11 20:20:00", - "ValidTo": "2018-08-11 20:20:00", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002530b3d3726ee3f72f000100000025", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft 
Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "a5052527524f4998a7bd87f396196fe8", "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" - } + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -3403,7 +3477,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -3473,7 +3549,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "shim-0.9+1474479173.6c180c6-0ubuntu1/shim", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -3543,7 +3621,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -3615,7 +3695,9 @@ "FileVersion": "", "Filename": "shim.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "89c04150c5f5b596236e04ccf5ef6a2f", "MachineType": "AMD64", 
@@ -3633,83 +3715,83 @@ "SHA1": "7639a4d8974693df09e8cce6d1e3d0092fa03dcd", "SHA256": "e50f1f1e9fb9198e5b094773d1d0068cc1cb1987d06583abaca20adc1f8932a9", "Sections": { - "/4": { - "Entropy": 4.84611486714032, - "Virtual Size": "0x17a98" - }, - ".text": { - "Entropy": 5.636185896681617, - "Virtual Size": "0xabc1b" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.794829537696304, "Virtual Size": "0x31df8" }, - "/14": { - "Entropy": 0.6143694458867568, - "Virtual Size": "0x12" - }, ".dynamic": { "Entropy": 1.0127462677005334, "Virtual Size": "0x130" }, + ".dynsym": { + "Entropy": 3.210837608809073, + "Virtual Size": "0xf4e0" + }, ".rela": { "Entropy": 2.6237858498943414, "Virtual Size": "0x29d78" }, - ".dynsym": { - "Entropy": 3.210837608809073, - "Virtual Size": "0xf4e0" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.636185896681617, + "Virtual Size": "0xabc1b" + }, + "/14": { + "Entropy": 0.6143694458867568, + "Virtual Size": "0x12" + }, + "/4": { + "Entropy": 4.84611486714032, + "Virtual Size": "0x17a98" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2013-09-24 17:54:03", - "ValidTo": "2014-12-24 17:54:03", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000000a6642f3f49fb7379600010000000a", - "Version": 3, + "Signature": 
"2a27d6bd2f34c68a9989ec856449fe4934ad5c0615ec5819664399053737a86be46c914b9478ce393534b759eec5eb6f015b706b853f1d2be51fe9807b178eaa9e0f9558d6a5d913c58c7492cbad106abb7395426801a42f363842e60bf72d046668865db5d8ce2c901c9673044d05abb74c171ac198c0f9376bb9185ec7523bb53e6d2c114642ffbfbe20efc6c2571c2006159cb70ff2c428e997f6ce83bf57ad9a47c47decce9830cf861a156471c62600a0260b44e29ea8e6e33c407c046f37be4a46dcaf38c018b24f969beb716d8e76cebc3d1d19134ed6f216cc2e357848b4998196ebd7326bca3e3ade1ba88e98612a569a46a1f45856f4e2dfa02a5d", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "c52110f552e27ebb1e3fae114abafb3f", "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" - } + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000000a6642f3f49fb7379600010000000a", 
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -3765,7 +3847,9 @@ "FileVersion": "", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "fcc89caed202cfa0f9d16b9e1c27d970", "MachineType": "AMD64", 
@@ -3783,67 +3867,67 @@ "SHA1": "6a5c3056057baea653d533429110deb3bd7ffec1", "SHA256": "d0eb15fe822c6239a8bb2b42fbc035d0956c72ac6fbd1429c1ab7f7e348b8f94", "Sections": { - ".text": { - "Entropy": 5.627092104649462, - "Virtual Size": "0x1d8c0" - }, "": { "Entropy": -0.0, "Virtual Size": "0x7c8" }, - ".xdata": { - "Entropy": -0.0, - "Virtual Size": "0xa00" - }, ".reloc": { "Entropy": 3.9187065172114592, "Virtual Size": "0x58" + }, + ".text": { + "Entropy": 5.627092104649462, + "Virtual Size": "0x1d8c0" + }, + ".xdata": { + "Entropy": -0.0, + "Virtual Size": "0xa00" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2016-11-17 22:05:37", - "ValidTo": "2018-02-17 22:05:37", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000001e0d8474951a966ce400010000001e", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "b6f099bf203668f11a8f79ab08792ed8", "SHA1": "4713755a345940554eada6042e90b0151591fad6", "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" - } + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": 
"6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000001e0d8474951a966ce400010000001e", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -3897,7 +3981,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -3967,7 +4053,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -4030,7 +4118,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "miniloader.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -4100,7 +4190,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -4172,7 +4264,9 @@ "FileVersion": "", "Filename": "BOOTX64.EFI", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "9a795b1affc7cb4650bbd99b9a2cd819", "MachineType": "AMD64", 
@@ -4190,18 +4284,6 @@ "SHA1": "586bf5d3fb1fb21159338701e324d9d26b6aa0e4", "SHA256": "0dd832075d552da3d29b1ef471fc23b47c0d54b9fd1541935b23f1c5813da08c", "Sections": { - "/4": { - "Entropy": 4.828726571617874, - "Virtual Size": "0x17468" - }, - ".text": { - "Entropy": 5.6399775669379935, - "Virtual Size": "0xaa161" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.771556082942012, "Virtual Size": "0x310a8" 
@@ -4210,59 +4292,71 @@ "Entropy": 0.8341231672694769, "Virtual Size": "0xf0" }, + ".dynsym": { + "Entropy": 3.2088436906429743, + "Virtual Size": "0xf1e0" + }, ".rela": { "Entropy": 2.6218967970429325, "Virtual Size": "0x2af90" }, - ".dynsym": { - "Entropy": 3.2088436906429743, - "Virtual Size": "0xf1e0" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.6399775669379935, + "Virtual Size": "0xaa161" + }, + "/4": { + "Entropy": 4.828726571617874, + "Virtual Size": "0x17468" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2012-07-02 22:25:14", - "ValidTo": "2013-10-02 22:25:14", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "33000000081eb17e9c15fc837a000100000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "c5e24205d04c09c94d81b6935af7ec09", "SHA1": "12622dccb5b07edfd65cae6fc018e24b80ff2c82", "SHA256": "d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507" - } + }, + "ValidFrom": "2012-07-02 22:25:14", + "ValidTo": "2013-10-02 22:25:14", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + 
"Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "33000000081eb17e9c15fc837a000100000008", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -4318,7 +4412,9 @@ "FileVersion": "6.3.9600.18639 (winblue_ltsb.170325-0600)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "83e596b8944ed413e5bbc0c51c0b64c6", "MachineType": "I386", 
@@ -4336,67 +4432,67 @@ "SHA1": "fab234f84e488343ea0f65072d8785217cabef40", "SHA256": "165a5dcdea3a7de7cfae38298597445eba59282308c7243be50f568aa610f4f2", "Sections": { - ".text": { - "Entropy": 6.635628506909973, - "Virtual Size": "0x130364" - }, ".data": { "Entropy": 6.142432235727058, "Virtual Size": "0x5c7f0" }, + ".reloc": { + "Entropy": 6.764072371259567, + "Virtual Size": "0x5d44" + }, ".rsrc": { "Entropy": 3.4724787157502846, "Virtual Size": "0xfd30" }, - ".reloc": { - "Entropy": 6.764072371259567, - "Virtual Size": "0x5d44" + ".text": { + "Entropy": 6.635628506909973, + "Virtual Size": "0x130364" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2016-10-11 20:39:31", - "ValidTo": "2018-01-11 20:39:31", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "33000001066ec325c431c9180e000000000106", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "dde4566ad877cdd7257537c5a15caff8", "SHA1": "61ccf092df4eb7534ffc8df983b362e10eb895c2", "SHA256": "0ae3a29cfb54cd16c853b2246cc428219bb87f7e4ea299b0374b2ac43f2a61d8" - } + }, + "ValidFrom": "2016-10-11 20:39:31", + "ValidTo": "2018-01-11 20:39:31", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": 
"61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "33000001066ec325c431c9180e000000000106", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000001066ec325c431c9180e000000000106", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -4452,7 +4548,9 @@ "FileVersion": "6.4.9820.0 (fbl_sec(dlinsley).140425-1225)", "Filename": "bootia32.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "670eb63cbc05c4a4fa62f3c63d5b5f0a", "MachineType": "I386", 
@@ -4470,79 +4568,79 @@ "SHA1": "4c53e7cd05e537f0f730ed2b079200c7e1543a72", "SHA256": "132d59d83c29be7351d35c44b846dfc3f37b3c62bc40eac6aec3fd68e7cfcfde", "Sections": { - ".text": { - "Entropy": 6.640315213526757, - "Virtual Size": "0x117cde" - }, - "PAGER32C": { - "Entropy": 6.501891369169368, - "Virtual Size": "0x3adf" - }, - "PAGE": { - "Entropy": 6.552393775330552, - "Virtual Size": "0x128f" + ".data": { + "Entropy": 5.087579213860843, + "Virtual Size": "0x4db30" }, ".rdata": { "Entropy": 5.206756496774499, "Virtual Size": "0x1a0d8" }, - ".data": { - "Entropy": 5.087579213860843, - "Virtual Size": "0x4db30" + ".reloc": { + "Entropy": 6.753504719085344, + "Virtual Size": "0x5e84" }, ".rsrc": { "Entropy": 3.470390846117556, "Virtual Size": "0xfce0" }, - ".reloc": { - "Entropy": 6.753504719085344, - "Virtual Size": "0x5e84" + ".text": { + "Entropy": 6.640315213526757, + "Virtual Size": "0x117cde" + }, + "PAGE": { + "Entropy": 6.552393775330552, + "Virtual Size": "0x128f" + }, + "PAGER32C": { + "Entropy": 6.501891369169368, + "Virtual Size": "0x3adf" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2014-07-01 20:32:01", - "ValidTo": "2015-10-01 20:32:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "9da610547a25cbe89af7ecdb99229623", "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" - } + }, + "ValidFrom": 
"2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", 
"Signer": [ { - "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -4596,7 +4694,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -4661,7 +4761,9 @@ "FileVersion": "6.3.9600.20227 (winblue_ltsb.211204-1700)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "37d03ef09bf90e11e07eed536a7fed7e", "MachineType": "I386", 
@@ -4679,67 +4781,67 @@ "SHA1": "97e4998bff2642bafef802b3d909e89f69b1046e", "SHA256": "b7313be4901f1a80f84e4e8a6636f090e7125b97fc845d4454d5e4bef3d40ca7", "Sections": { - ".text": { - "Entropy": 6.6338522426228606, - "Virtual Size": "0x132694" - }, ".data": { "Entropy": 6.174248711645025, "Virtual Size": "0x5c8b0" }, + ".reloc": { + "Entropy": 6.752299420294601, + "Virtual Size": "0x5e90" + }, ".rsrc": { "Entropy": 3.472265991210306, "Virtual Size": "0xfd30" }, - ".reloc": { - "Entropy": 6.752299420294601, - "Virtual Size": "0x5e90" + ".text": { + "Entropy": 6.6338522426228606, + "Virtual Size": "0x132694" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2021-09-02 18:23:41", - "ValidTo": "2022-09-01 18:23:41", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "46f57c3b860b08484cb79066ac1014ad", "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" - } + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": 
"61077656000000000008", - "Version": 3, + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } 
@@ -4793,7 +4895,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -4856,7 +4960,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -4921,7 +5027,9 @@ "FileVersion": "6.3.9600.18478 (winblue_ltsb.160920-0600)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "1854d98bc963a9a82e0d9abef6bc3873", "MachineType": "AMD64", @@ -4939,10 +5047,6 @@ "SHA1": "dfd1cc6207f892703292d88a29f587db858fc0eb", "SHA256": "dd3ca7c4bf6698e7d72f6c2fb0eb59997336c294d604062ef495ee8e1f49931c", "Sections": { - ".text": { - "Entropy": 6.491145372503799, - "Virtual Size": "0x16a6a4" - }, ".data": { "Entropy": 4.536862186949299, "Virtual Size": "0x6b290" 
@@ -4951,59 +5055,63 @@ "Entropy": 6.113198153724958, "Virtual Size": "0xa53c" }, + ".reloc": { + "Entropy": 5.391748979025571, + "Virtual Size": "0x960" + }, ".rsrc": { "Entropy": 3.470966782245555, "Virtual Size": "0xfd10" }, - ".reloc": { - "Entropy": 5.391748979025571, - "Virtual Size": "0x960" + ".text": { + "Entropy": 6.491145372503799, + "Virtual Size": "0x16a6a4" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2015-08-18 17:15:28", - "ValidTo": "2016-11-18 17:15:28", - "Signature": "60743a2c8b9d1d20759fd327472b3fb9c434cf9df5a4501199cafd1d0f6806659be78f5346fcdedead6c2615214f653b0306302508cc80e386fb54dc8d0b8c63131e54f259c4f8792335187e2d4f649a82490807f129590c1a5c76d8c56a12e51f4c9bb20f35bb27b3ddc0dfbd849e506ed390bef27d160c5fa33291231b73cffddf7bcc42948b509b88242d401ab88f4283997bb6707c2fd2facf67e2639b5b02da8975568de56dc96eee8061c69bc552d61a0fa49ea527563681fb35f68dde6eee372b99f69761de0eac9b72b1510f80e66f6560bf1d0669dcbdd915ffe13454502833fe26932c018ad8399ad2840a93b0c222b7900151dc9ddb4475e1d7b7", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", "SHA1": "833498af9a41da339c83e0d384b521f72d053331", "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" - } + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - 
"ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -5059,7 +5167,9 @@ "FileVersion": "6.2.9200.16399 (win8_gdr.120820-2123)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "e8b4de749b80b47640ea86b06f56429f", "MachineType": "AMD64", @@ -5077,22 +5187,6 @@ "SHA1": "d79557da8528c045a204a3abf3dcd26b7fb814f3", "SHA256": "905c2df524e664759d55a6dad4b62b58220adc59fec3e852964efc2165b0fc0c", "Sections": { - ".text": { - "Entropy": 6.4845800528218485, - "Virtual Size": "0x109ee2" - }, - "PAGER32C": { - "Entropy": 6.353527581631879, - "Virtual Size": "0x3d48" - }, - "PAGE": { - "Entropy": 6.510073701345747, - "Virtual Size": "0x169e" - }, - ".rdata": { - "Entropy": 5.418752774603626, - "Virtual Size": "0x19b44" - }, ".data": { "Entropy": 4.629726747704923, "Virtual Size": "0x63cf0" 
@@ -5101,63 +5195,79 @@ "Entropy": 6.004535487649427, "Virtual Size": "0x8e80" }, - "PAGER32R": { - "Entropy": 7.631412897966042, - "Virtual Size": "0x380" + ".rdata": { + "Entropy": 5.418752774603626, + "Virtual Size": "0x19b44" + }, + ".reloc": { + "Entropy": 2.706444085925694, + "Virtual Size": "0x1ab4" }, ".rsrc": { "Entropy": 3.471186192315521, "Virtual Size": "0xfcf4" }, - ".reloc": { - "Entropy": 2.706444085925694, - "Virtual Size": "0x1ab4" + ".text": { + "Entropy": 6.4845800528218485, + "Virtual Size": "0x109ee2" + }, + "PAGE": { + "Entropy": 6.510073701345747, + "Virtual Size": "0x169e" + }, + "PAGER32C": { + "Entropy": 6.353527581631879, + "Virtual Size": "0x3d48" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2012-04-09 20:55:50", - "ValidTo": "2013-07-09 20:55:50", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "610bbbd8000000000005", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "158438012e4dcd69b27b762c9358cfa2", "SHA1": "684ac167849404a4101f166b759f291a43d5f749", "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" - } + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": 
"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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "610bbbd8000000000005", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -5213,7 +5323,9 @@ "FileVersion": "6.3.9600.18233 (winblue_ltsb.160210-0600)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "9a3221899f456225679f8e54739100ac", "MachineType": "AMD64", @@ -5231,10 +5343,6 @@ "SHA1": "19a0cfa98525d7ac0edc5b0770e5b1e5dcc4a992", "SHA256": "fd69741dcd1bc0d9ab8a02c2a7ee8d466a58613562536aa8aab5ea260bbdf9c3", "Sections": { - ".text": { - "Entropy": 6.491203662022541, - "Virtual Size": "0x16a6a4" - }, ".data": { "Entropy": 4.535808771844317, "Virtual Size": "0x6b290" 
@@ -5243,59 +5351,63 @@ "Entropy": 6.109699981025818, "Virtual Size": "0xa53c" }, + ".reloc": { + "Entropy": 5.392289502924012, + "Virtual Size": "0x960" + }, ".rsrc": { "Entropy": 3.470959394300465, "Virtual Size": "0xfd10" }, - ".reloc": { - "Entropy": 5.392289502924012, - "Virtual Size": "0x960" + ".text": { + "Entropy": 6.491203662022541, + "Virtual Size": "0x16a6a4" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2015-08-18 17:15:28", - "ValidTo": "2016-11-18 17:15:28", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", "SHA1": "833498af9a41da339c83e0d384b521f72d053331", "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" - } + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows 
Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -5349,7 +5461,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -5421,7 +5535,9 @@ "FileVersion": "", "Filename": "HfiPcieGen3", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "36218d733c0afdd2d6dce6f616335a2f", "MachineType": "AMD64", 
@@ -5439,67 +5555,67 @@ "SHA1": "96787a55f640b630ba6277197dbdfd14ecf3b87d", "SHA256": "0ed1b0fae1a6e705d1b116d08b7184e0a2ee2a0e6b0c372ce69b40e9ef34579f", "Sections": { - ".text": { - "Entropy": 5.464301989959131, - "Virtual Size": "0x36340" - }, ".data": { "Entropy": 6.984348675206676, "Virtual Size": "0x3cb60" }, + ".debug": { + "Entropy": 4.703183509474167, + "Virtual Size": "0xc0" + }, ".reloc": { "Entropy": 6.692193979712798, "Virtual Size": "0x2360" }, - ".debug": { - "Entropy": 4.703183509474167, - "Virtual Size": "0xc0" + ".text": { + "Entropy": 5.464301989959131, + "Virtual Size": "0x36340" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2017-08-11 20:20:00", - "ValidTo": "2018-08-11 20:20:00", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "3300000024c1fb0e65d9747386000100000024", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "82b02850f57505f0830f6dd30b6aeffd", "SHA1": "e600e0efe4030190c5e0cab9aaad72f4e76db429", "SHA256": "1c1d5edaeb9a5feef85e34eb40607816e98464127723d284f99b69c0c15e42f7" - } + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, 
"SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "3300000024c1fb0e65d9747386000100000024", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000024c1fb0e65d9747386000100000024", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -5553,7 +5669,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "mboot-official_arm64.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit ARM", @@ -5616,7 +5734,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -5681,7 +5801,9 @@ "FileVersion": "6.3.9600.16415 (winblue_gdr.130928-1658)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "bf4168403960a0df177f58277f06250c", "MachineType": "I386", 
@@ -5699,67 +5821,67 @@ "SHA1": "6a3777265403ea83fb91ab07988464303e66b172", "SHA256": "669353cc31e65f896a755db94a045d9dc1b4a24baba14fce11d623bdfacec78c", "Sections": { - ".text": { - "Entropy": 6.6503504605349155, - "Virtual Size": "0x12a444" - }, ".data": { "Entropy": 5.269091289979136, "Virtual Size": "0x564f0" }, + ".reloc": { + "Entropy": 5.536154915453736, + "Virtual Size": "0x7f10" + }, ".rsrc": { "Entropy": 3.470992478914469, "Virtual Size": "0xfd10" }, - ".reloc": { - "Entropy": 5.536154915453736, - "Virtual Size": "0x7f10" + ".text": { + "Entropy": 6.6503504605349155, + "Virtual Size": "0x12a444" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2013-06-17 21:43:38", - "ValidTo": "2014-09-17 21:43:38", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002418fc0b689e7399d0000000000024", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "28b23b39f3bbd936a26a5b86451be0ac", "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" - } + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": 
"61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -5813,7 +5935,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -5885,7 +6009,9 @@ "FileVersion": "", "Filename": "Signed_13652009334930799/shimia32.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "22f93e6ecea58e543fcffa73f5c466b3", "MachineType": "I386", 
@@ -5903,83 +6029,83 @@ "SHA1": "0945ed2479004a84b2d743244ff7dacdb688aa9e", "SHA256": "ff9f39869baafa17592820f7f5cf101b15a8423831abfa97c89cf193cdd98e89", "Sections": { - ".text": { - "Entropy": 5.8537436588293055, - "Virtual Size": "0xa0617" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, - "/4": { - "Entropy": 5.064013199597692, - "Virtual Size": "0x69" - }, ".data": { "Entropy": 5.281820466264779, "Virtual Size": "0x23764" }, - "/16": { - "Entropy": 7.405693653367437, - "Virtual Size": "0x3b3" - }, ".dynamic": { "Entropy": 1.4765954737895086, "Virtual Size": "0x80" }, + ".dynsym": { + "Entropy": 4.413842774423678, + "Virtual Size": "0xa1f0" + }, ".rel": { "Entropy": 3.5626097123135003, "Virtual Size": "0x9798" }, - ".dynsym": { - "Entropy": 4.413842774423678, - "Virtual Size": "0xa1f0" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.8537436588293055, + "Virtual Size": "0xa0617" + }, + "/16": { + "Entropy": 7.405693653367437, + "Virtual Size": "0x3b3" + }, + "/4": { + "Entropy": 5.064013199597692, + "Virtual Size": "0x69" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2018-07-03 20:53:01", - "ValidTo": "2019-07-26 20:53:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002b4b79b3694d12118700010000002b", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "8d8a1f204c9c80213bd427fa58b387e2", "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", 
"SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" - } + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -6040,7 +6166,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -6110,7 +6238,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -6173,7 +6303,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -6238,7 +6370,9 @@ "FileVersion": "6.3.9600.16415 (winblue_gdr.130928-1658)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "5692b49c53b4401e76a43c82d7d496de", "MachineType": "AMD64", @@ -6256,10 +6390,6 @@ "SHA1": "6308e47e8133dfe6cf9532213c65b964acebe111", "SHA256": "53af0ddbd3c4d33bd003403d8c9b41877e07770d3e789c781e5897858585e299", "Sections": { - ".text": { - "Entropy": 6.501382294444077, - "Virtual Size": "0x164d34" - }, ".data": { "Entropy": 4.529158876011279, "Virtual Size": "0x6b230" 
@@ -6268,59 +6398,63 @@ "Entropy": 6.077805756878547, "Virtual Size": "0xa3c8" }, + ".reloc": { + "Entropy": 2.3400563322102284, + "Virtual Size": "0x2000" + }, ".rsrc": { "Entropy": 3.4716247871437864, "Virtual Size": "0xfd10" }, - ".reloc": { - "Entropy": 2.3400563322102284, - "Virtual Size": "0x2000" + ".text": { + "Entropy": 6.501382294444077, + "Virtual Size": "0x164d34" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2013-06-17 21:43:38", - "ValidTo": "2014-09-17 21:43:38", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002418fc0b689e7399d0000000000024", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "28b23b39f3bbd936a26a5b86451be0ac", "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" - } + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Version": 1 } - ] + ], + 
"SignerInfo": "" } ] } @@ -6383,7 +6517,9 @@ "FileVersion": "", "Filename": "", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "bc5372019b75e9e8257a83a86bd0b33d", "MachineType": "I386", 
@@ -6401,83 +6537,83 @@ "SHA1": "99cd0326b914b5f6ea53cb2280d9a455bb68d70b", "SHA256": "8310f47ba34eb1aca146a5bdb8b59138173e659fbeb57a4c89355d8c54930b6b", "Sections": { - ".text": { - "Entropy": 5.774216074421671, - "Virtual Size": "0x92ab3" - }, - ".reloc": { - "Entropy": 1.5709505944546687, - "Virtual Size": "0xa" - }, - "/4": { - "Entropy": 5.040573517037893, - "Virtual Size": "0x7e" - }, ".data": { "Entropy": 5.3361211360622445, "Virtual Size": "0x216dc" }, - "/16": { - "Entropy": 7.130706042544344, - "Virtual Size": "0x5f0" - }, ".dynamic": { "Entropy": 1.4043380507095067, "Virtual Size": "0x78" }, + ".dynsym": { + "Entropy": 4.395499383245927, + "Virtual Size": "0x9380" + }, ".rel": { "Entropy": 3.5471242189199925, "Virtual Size": "0x9718" }, - ".dynsym": { - "Entropy": 4.395499383245927, - "Virtual Size": "0x9380" + ".reloc": { + "Entropy": 1.5709505944546687, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.774216074421671, + "Virtual Size": "0x92ab3" + }, + "/16": { + "Entropy": 7.130706042544344, + "Virtual Size": "0x5f0" + }, + "/4": { + "Entropy": 5.040573517037893, + "Virtual Size": "0x7e" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2019-05-02 21:31:23", - "ValidTo": "2020-05-02 21:31:23", - "Signature": "977d904632387b183cd2f5257baa329d7f537c6f4fc8debcd79358d1e293dc413472d9570abf3aa27047041d96b6c77b855466e096ddc99417584c171ff4c239619a185d80f52131622bbd527228a0229f00a878bf53b3b79dd2e65b0ce48d17c209e27a0e77f1eddc0fd85a8fcb0e66cddefd40bf8afc73830971be672e3245869e219a3902283f00f4a5c1bf6357400fe3d38e2c3e74433e158deff1733e5249b246ab66481e983dbe60a4274286b00d96fe28e794a5823e658cd0c83603769d96a4c4f766e3f5f0a173889eab9da0cfd9517f42d7e9d12b089214c09f21ee561dde677f28cd7ea82b5846fff64be02f195ee75ff499f67821369241536406", - "SignatureAlgorithmOID": 
"1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "3300000034a76221f066806d9d000100000034", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "981b2766a6b1467da361c3f6158b5efb", "SHA1": "2de358273a7fab18d9e8359579e78544e4f90e45", "SHA256": "c9b4b474a8cf82bb390bee17e0eb009360599aafc792dca2c161926e2b9c7f7f" - } + }, + "ValidFrom": "2019-05-02 21:31:23", + "ValidTo": "2020-05-02 21:31:23", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "3300000034a76221f066806d9d000100000034", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000034a76221f066806d9d000100000034", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } 
@@ -6531,7 +6667,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -6594,7 +6732,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -6664,7 +6804,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -6734,7 +6876,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -6799,7 +6943,9 @@ "FileVersion": "6.4.9820.0 (fbl_sec(dlinsley).140425-1038)", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "c815c638cba6bdc82a6b4f72204ed252", "MachineType": "AMD64", @@ -6817,22 +6963,6 @@ "SHA1": "d2e758288883a7b37a46b773ec0ff61c328e8bf7", "SHA256": "64604ea91f31b815bd0219d56563b9c2d307fc6c71ecc38d498221e0e0e9c4ad", "Sections": { - ".text": { - "Entropy": 6.47422240022722, - "Virtual Size": "0x14ab76" - }, - "PAGER32C": { - "Entropy": 6.320194972365571, - "Virtual Size": "0x2e69" - }, - "PAGE": { - "Entropy": 6.547079200625931, - "Virtual Size": "0x1639" - }, - ".rdata": { - "Entropy": 5.425860402319835, - "Virtual Size": "0x21e54" - }, ".data": { "Entropy": 4.348734060496247, "Virtual Size": "0x63050" 
@@ -6841,59 +6971,75 @@ "Entropy": 6.080132511208591, "Virtual Size": "0xa758" }, - ".rsrc": { - "Entropy": 3.469760072257071, - "Virtual Size": "0xfce0" + ".rdata": { + "Entropy": 5.425860402319835, + "Virtual Size": "0x21e54" }, ".reloc": { "Entropy": 5.422764555576717, "Virtual Size": "0x988" + }, + ".rsrc": { + "Entropy": 3.469760072257071, + "Virtual Size": "0xfce0" + }, + ".text": { + "Entropy": 6.47422240022722, + "Virtual Size": "0x14ab76" + }, + "PAGE": { + "Entropy": 6.547079200625931, + "Virtual Size": "0x1639" + }, + "PAGER32C": { + "Entropy": 6.320194972365571, + "Virtual Size": "0x2e69" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2014-07-01 20:32:01", - "ValidTo": "2015-10-01 20:32:01", - "Signature": "8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", - "Version": 3, + "Signature": 
"8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "9da610547a25cbe89af7ecdb99229623", "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" - } + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Issuer": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -6947,7 +7093,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -7017,7 +7165,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -7089,7 +7239,9 @@ "FileVersion": "", "Filename": "BOOTX64.EFI", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "c453084032024e3b2dcd648c9406e760", "MachineType": "AMD64", 
@@ -7107,87 +7259,87 @@ "SHA1": "1316e2b5fb83b29acc00c5050799afb7ccd6b6e2", "SHA256": "fb5eebcd4100593a1b2890267037b7701c83f32c284b99908ff1c34d5693bfc2", "Sections": { - "/4": { - "Entropy": 4.852580285671373, - "Virtual Size": "0x18c28" + ".data": { + "Entropy": 4.46067866301335, + "Virtual Size": "0x2a358" }, - ".text": { - "Entropy": 5.639910820231437, - "Virtual Size": "0x96ba3" + ".dynamic": { + "Entropy": 0.809123167269477, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2034263115689736, + "Virtual Size": "0xdd40" + }, + ".rela": { + "Entropy": 2.6459313794720467, + "Virtual Size": "0x1b0d8" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.639910820231437, + "Virtual Size": "0x96ba3" + }, "/14": { "Entropy": 5.160331946961136, "Virtual Size": "0x84" }, - ".data": { - "Entropy": 4.46067866301335, - "Virtual Size": "0x2a358" - }, "/26": { "Entropy": 7.338341139988703, "Virtual Size": "0x3e2" }, - ".dynamic": { - "Entropy": 0.809123167269477, - "Virtual Size": "0xf0" - }, - ".rela": { - "Entropy": 2.6459313794720467, - "Virtual Size": "0x1b0d8" - }, - ".dynsym": { - "Entropy": 3.2034263115689736, - "Virtual Size": "0xdd40" + "/4": { + "Entropy": 4.852580285671373, + "Virtual Size": "0x18c28" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2017-08-11 20:20:00", - "ValidTo": "2018-08-11 20:20:00", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002530b3d3726ee3f72f000100000025", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "a5052527524f4998a7bd87f396196fe8", "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" - } + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -7248,7 +7400,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -7320,7 +7474,9 @@ "FileVersion": "", "Filename": "BOOTX64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "92f1d7fd78d0353c62e5dc8e81f558e2", "MachineType": "AMD64", 
@@ -7338,87 +7494,87 @@ "SHA1": "a63dbf2c3b022c5d70c20e674ab8066a2b3290c7", "SHA256": "06edb9f17a9007c8b6db6ee2fc240e88e238f06c7c983f987cd9be1b80010d04", "Sections": { - "/4": { - "Entropy": 4.852580285671373, - "Virtual Size": "0x18c28" + ".data": { + "Entropy": 4.460859983643804, + "Virtual Size": "0x2a358" }, - ".text": { - "Entropy": 5.63990249860699, - "Virtual Size": "0x96ba3" + ".dynamic": { + "Entropy": 0.809123167269477, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2034263115689736, + "Virtual Size": "0xdd40" + }, + ".rela": { + "Entropy": 2.6459313794720467, + "Virtual Size": "0x1b0d8" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.63990249860699, + "Virtual Size": "0x96ba3" + }, "/14": { "Entropy": 5.146942838207223, "Virtual Size": "0x84" }, - ".data": { - "Entropy": 4.460859983643804, - "Virtual Size": "0x2a358" - }, "/26": { "Entropy": 7.130706042544344, "Virtual Size": "0x5f0" }, - ".dynamic": { - "Entropy": 0.809123167269477, - "Virtual Size": "0xf0" - }, - ".rela": { - "Entropy": 2.6459313794720467, - "Virtual Size": "0x1b0d8" - }, - ".dynsym": { - "Entropy": 3.2034263115689736, - "Virtual Size": "0xdd40" + "/4": { + "Entropy": 4.852580285671373, + "Virtual Size": "0x18c28" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2018-07-03 20:53:01", - "ValidTo": "2019-07-26 20:53:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002b4b79b3694d12118700010000002b", - "Version": 3, + "Signature": 
"54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "8d8a1f204c9c80213bd427fa58b387e2", "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" - } + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Issuer": 
"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -7472,7 +7628,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -7535,7 +7693,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -7598,7 +7758,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -7668,7 +7830,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -7738,7 +7902,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "BOOTX64.EFI", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -7803,7 +7969,9 @@ "FileVersion": "6.3.9600.18515 (winblue_ltsb.161012-0600)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "3560dd8322a15d0e23d3747e32a04ebc", "MachineType": "AMD64", @@ -7821,10 +7989,6 @@ "SHA1": "5ecee585f6f31b380d65407f6b73dbaf03388624", "SHA256": "7c6f0f7062aca9c286fb921917747c8b65ff4a69eb71102b90c1570b4c521fea", "Sections": { - ".text": { - "Entropy": 6.491384926143433, - "Virtual Size": "0x16acf4" - }, ".data": { "Entropy": 5.389266574153063, "Virtual Size": "0x6c590" 
@@ -7833,59 +7997,63 @@ "Entropy": 6.105064334989352, "Virtual Size": "0xa554" }, + ".reloc": { + "Entropy": 5.403599915824733, + "Virtual Size": "0x968" + }, ".rsrc": { "Entropy": 3.471738871242664, "Virtual Size": "0xfd30" }, - ".reloc": { - "Entropy": 5.403599915824733, - "Virtual Size": "0x968" + ".text": { + "Entropy": 6.491384926143433, + "Virtual Size": "0x16acf4" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2015-08-18 17:15:28", - "ValidTo": "2016-11-18 17:15:28", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", "SHA1": "833498af9a41da339c83e0d384b521f72d053331", "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" - } + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows 
Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -7946,7 +8114,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -8016,7 +8186,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "centos-7.9-shim-20200726-shim64-bit.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -8079,7 +8251,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -8149,7 +8323,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -8219,7 +8395,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -8289,7 +8467,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", 
@@ -8354,7 +8534,9 @@ "FileVersion": "6.2.9200.20521 (win8_ldr.120919-1813)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "7c2bf377d0edb86f010d202d48024145", "MachineType": "AMD64", @@ -8372,22 +8554,6 @@ "SHA1": "5dd4309442a74a780e3e099f0625b1eed2e54c25", "SHA256": "ec89ddd37880430cd5242f5f15d13f4cf699f50dbe04643e5b70093631608204", "Sections": { - ".text": { - "Entropy": 6.484872015753315, - "Virtual Size": "0x109ee2" - }, - "PAGER32C": { - "Entropy": 6.353319232465821, - "Virtual Size": "0x3d48" - }, - "PAGE": { - "Entropy": 6.514825397638524, - "Virtual Size": "0x169e" - }, - ".rdata": { - "Entropy": 5.4212846406362525, - "Virtual Size": "0x19b34" - }, ".data": { "Entropy": 4.628310210600715, "Virtual Size": "0x63cf0" 
@@ -8396,63 +8562,79 @@ "Entropy": 6.014681487785778, "Virtual Size": "0x8e8c" }, - "PAGER32R": { - "Entropy": 7.631412897966042, - "Virtual Size": "0x380" + ".rdata": { + "Entropy": 5.4212846406362525, + "Virtual Size": "0x19b34" + }, + ".reloc": { + "Entropy": 2.70744089792279, + "Virtual Size": "0x1ab4" }, ".rsrc": { "Entropy": 3.471043136394146, "Virtual Size": "0xfcf4" }, - ".reloc": { - "Entropy": 2.70744089792279, - "Virtual Size": "0x1ab4" + ".text": { + "Entropy": 6.484872015753315, + "Virtual Size": "0x109ee2" + }, + "PAGE": { + "Entropy": 6.514825397638524, + "Virtual Size": "0x169e" + }, + "PAGER32C": { + "Entropy": 6.353319232465821, + "Virtual Size": "0x3d48" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2012-04-09 20:55:50", - "ValidTo": "2013-07-09 20:55:50", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "610bbbd8000000000005", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "158438012e4dcd69b27b762c9358cfa2", "SHA1": "684ac167849404a4101f166b759f291a43d5f749", "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" - } + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": 
"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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "610bbbd8000000000005", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -8506,7 +8688,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -8569,7 +8753,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -8632,7 +8818,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -8702,7 +8890,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -8765,7 +8955,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -8828,7 +9020,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -8898,7 +9092,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -8970,7 +9166,9 @@ "FileVersion": "", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "0008d969a43a2b94edd849cdee6ae3c9", "MachineType": "AMD64", 
@@ -8988,87 +9186,87 @@ "SHA1": "d58b60ac3b5fdd3d52a9bc8da3e73c2a13ad36f6", "SHA256": "3f8f266488f3b888eb77b8df43582fa8124366b7d0670ed78926410f9c9f411f", "Sections": { - "/4": { - "Entropy": 4.862207156121677, - "Virtual Size": "0x187d0" + ".data": { + "Entropy": 4.510419511401317, + "Virtual Size": "0x2aad8" }, - ".text": { - "Entropy": 5.644091890418596, - "Virtual Size": "0x9599e" + ".dynamic": { + "Entropy": 0.7842520391300999, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2106323395732113, + "Virtual Size": "0xdd10" + }, + ".rela": { + "Entropy": 2.652342087574957, + "Virtual Size": "0x1b0d8" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.644091890418596, + "Virtual Size": "0x9599e" + }, "/14": { "Entropy": 4.946577948119573, "Virtual Size": "0x62" }, - ".data": { - "Entropy": 4.510419511401317, - "Virtual Size": "0x2aad8" - }, "/26": { "Entropy": 7.20273225550972, "Virtual Size": "0xb79" }, - ".dynamic": { - "Entropy": 0.7842520391300999, - "Virtual Size": "0xf0" - }, - ".rela": { - "Entropy": 2.652342087574957, - "Virtual Size": "0x1b0d8" - }, - ".dynsym": { - "Entropy": 3.2106323395732113, - "Virtual Size": "0xdd10" + "/4": { + "Entropy": 4.862207156121677, + "Virtual Size": "0x187d0" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2018-07-03 20:53:01", - "ValidTo": "2019-07-26 20:53:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002b4b79b3694d12118700010000002b", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "8d8a1f204c9c80213bd427fa58b387e2", "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" - } + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -9122,7 +9320,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootx64.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -9192,7 +9392,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -9262,7 +9464,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -9334,7 +9538,9 @@ "FileVersion": "", "Filename": "BOOTX64.EFI", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "390218e8b12b9b5a8985baf49e163930", "MachineType": "AMD64", 
@@ -9352,87 +9558,87 @@ "SHA1": "d8f34bcb62883019182a69e25f0b71caa3fcabdc", "SHA256": "0e99607b20d537497169c506c6893243d3f1bd5960505c1566bd97c0a741adfb", "Sections": { - "/4": { - "Entropy": 4.850383937155969, - "Virtual Size": "0x18c28" + ".data": { + "Entropy": 4.4633509004578, + "Virtual Size": "0x2a358" }, - ".text": { - "Entropy": 5.640931943255041, - "Virtual Size": "0x96ce3" + ".dynamic": { + "Entropy": 0.809123167269477, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2029723126169776, + "Virtual Size": "0xdd88" + }, + ".rela": { + "Entropy": 2.6478060576511773, + "Virtual Size": "0x1b0a8" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.640931943255041, + "Virtual Size": "0x96ce3" + }, "/14": { "Entropy": 5.127727685417211, "Virtual Size": "0x84" }, - ".data": { - "Entropy": 4.4633509004578, - "Virtual Size": "0x2a358" - }, "/26": { "Entropy": 7.339046392262435, "Virtual Size": "0x9c7" }, - ".dynamic": { - "Entropy": 0.809123167269477, - "Virtual Size": "0xf0" - }, - ".rela": { - "Entropy": 2.6478060576511773, - "Virtual Size": "0x1b0a8" - }, - ".dynsym": { - "Entropy": 3.2029723126169776, - "Virtual Size": "0xdd88" + "/4": { + "Entropy": 4.850383937155969, + "Virtual Size": "0x18c28" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2018-07-03 20:53:01", - "ValidTo": "2019-07-26 20:53:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002b4b79b3694d12118700010000002b", - "Version": 3, + "Signature": 
"54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "8d8a1f204c9c80213bd427fa58b387e2", "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" - } + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Issuer": 
"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -9493,7 +9699,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -9563,7 +9771,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -9633,7 +9843,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "cent-8.3-20200730-shimia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -9696,7 +9908,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -9768,7 +9982,9 @@ "FileVersion": "", "Filename": "shim.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "d407a4d3a9887218394aa73e94ffbde5", "MachineType": "AMD64", 
@@ -9786,83 +10002,83 @@ "SHA1": "d483cd3de769ee4a2bd69c498501e7764656fb75", "SHA256": "9d61099de8327efeff7e4aea81d9f3396a2218e6b22e15d05032a765897c0eba", "Sections": { - "/4": { - "Entropy": 4.852850797014689, - "Virtual Size": "0x17d58" - }, - ".text": { - "Entropy": 5.634947420095376, - "Virtual Size": "0xab9fb" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.804980130818098, "Virtual Size": "0x32158" }, - "/14": { - "Entropy": 0.6143694458867568, - "Virtual Size": "0x12" - }, ".dynamic": { "Entropy": 1.0259041624373757, "Virtual Size": "0x130" }, + ".dynsym": { + "Entropy": 3.212193108334823, + "Virtual Size": "0xf5a0" + }, ".rela": { "Entropy": 2.622199242754339, "Virtual Size": "0x29d78" }, - ".dynsym": { - "Entropy": 3.212193108334823, - "Virtual Size": "0xf5a0" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.634947420095376, + "Virtual Size": "0xab9fb" + }, + "/14": { + "Entropy": 0.6143694458867568, + "Virtual Size": "0x12" + }, + "/4": { + "Entropy": 4.852850797014689, + "Virtual Size": "0x17d58" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2013-09-24 17:54:03", - "ValidTo": "2014-12-24 17:54:03", - "Signature": "2a27d6bd2f34c68a9989ec856449fe4934ad5c0615ec5819664399053737a86be46c914b9478ce393534b759eec5eb6f015b706b853f1d2be51fe9807b178eaa9e0f9558d6a5d913c58c7492cbad106abb7395426801a42f363842e60bf72d046668865db5d8ce2c901c9673044d05abb74c171ac198c0f9376bb9185ec7523bb53e6d2c114642ffbfbe20efc6c2571c2006159cb70ff2c428e997f6ce83bf57ad9a47c47decce9830cf861a156471c62600a0260b44e29ea8e6e33c407c046f37be4a46dcaf38c018b24f969beb716d8e76cebc3d1d19134ed6f216cc2e357848b4998196ebd7326bca3e3ade1ba88e98612a569a46a1f45856f4e2dfa02a5d", - "SignatureAlgorithmOID": 
"1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000000a6642f3f49fb7379600010000000a", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "c52110f552e27ebb1e3fae114abafb3f", "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" - } + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000000a6642f3f49fb7379600010000000a", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -9923,7 +10139,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", 
@@ -9986,7 +10204,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -10049,7 +10269,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -10112,7 +10334,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -10175,7 +10399,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -10238,7 +10464,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -10310,7 +10538,9 @@ "FileVersion": "", "Filename": "grubnetx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "f383b5c1f0cb8806742c8df990bc7803", "MachineType": "AMD64", @@ -10328,21 +10558,21 @@ "SHA1": "c1f26b124fcfb2c73ec9c9cfafe3fcfbc269d4e7", "SHA256": "8e8addb29426d845a0101c2c1f26c2e7fe8c78128ab04f16cfcb4e06461b0101", "Sections": { - ".text": { - "Entropy": 5.571601531682557, - "Virtual Size": "0xb000" - }, ".data": { "Entropy": 1.2839449201733235, "Virtual Size": "0xf000" }, - "mods": { - "Entropy": 4.318730379441639, - "Virtual Size": "0x142000" - }, ".reloc": { "Entropy": 5.904300253815697, "Virtual Size": "0x1000" + }, + ".text": { + "Entropy": 5.571601531682557, + "Virtual Size": "0xb000" + }, + "mods": { + "Entropy": 4.318730379441639, + "Virtual Size": "0x142000" } }, "Signature": "", 
@@ -10398,7 +10628,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -10461,7 +10693,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -10533,7 +10767,9 @@ "FileVersion": "", "Filename": "shim64-bit.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "9bdc83ad343e8745e1f3d55c36cf2df6", "MachineType": "AMD64", @@ -10551,41 +10787,41 @@ "SHA1": "095b16e4a405e6d6dbdfc1475c941c64201d41b5", "SHA256": "84e680f95cd31db85663a5482a68778dd236503d88e8a6d8e3c4a6c9ba201102", "Sections": { - "/4": { - "Entropy": 4.8785374734689935, - "Virtual Size": "0x1f0c8" + ".data": { + "Entropy": 4.412613928549267, + "Virtual Size": "0x2db68" }, - ".text": { - "Entropy": 5.683178156318327, - "Virtual Size": "0xa3c01" + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".dynsym": { + "Entropy": 3.2062260361646557, + "Virtual Size": "0xf378" + }, + ".rela": { + "Entropy": 2.6535499216585814, + "Virtual Size": "0x1c6f8" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.683178156318327, + "Virtual Size": "0xa3c01" + }, "/14": { "Entropy": 5.205469492567452, "Virtual Size": "0x84" }, - ".data": { - "Entropy": 4.412613928549267, - "Virtual Size": "0x2db68" - }, "/26": { "Entropy": 7.322772708526002, "Virtual Size": "0x449" }, - ".dynamic": { - "Entropy": 0.8630797231656377, - "Virtual Size": "0x100" - }, - ".rela": { - "Entropy": 2.6535499216585814, - "Virtual Size": "0x1c6f8" - }, - ".dynsym": { - "Entropy": 3.2062260361646557, - "Virtual Size": "0xf378" + "/4": { + "Entropy": 4.8785374734689935, + "Virtual Size": "0x1f0c8" } }, "Signature": "", 
@@ -10648,7 +10884,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -10711,7 +10949,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -10774,7 +11014,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -10846,7 +11088,9 @@ "FileVersion": "", "Filename": "BOOTia32.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "69a56b18be5865ccda9ab3a5bb4987ab", "MachineType": "I386", 
@@ -10864,83 +11108,83 @@ "SHA1": "ec708522ed126c2bc6b8e3306c8231351927e369", "SHA256": "a9f6c38c2608d6f36f246e74a9fd17e915c89e54eafa2281b8ace86133df22b3", "Sections": { - ".text": { - "Entropy": 5.839449556174616, - "Virtual Size": "0x92f08" - }, - ".reloc": { - "Entropy": 1.5709505944546687, - "Virtual Size": "0xa" - }, - "/4": { - "Entropy": 5.2339069016332305, - "Virtual Size": "0xc9" - }, ".data": { "Entropy": 5.335073549417548, "Virtual Size": "0x20adc" }, - "/16": { - "Entropy": 7.287209418645642, - "Virtual Size": "0x415" - }, ".dynamic": { "Entropy": 1.337010437462914, "Virtual Size": "0x78" }, + ".dynsym": { + "Entropy": 4.38880926502971, + "Virtual Size": "0x9280" + }, ".rel": { "Entropy": 3.5663663055705634, "Virtual Size": "0x8fa0" }, - ".dynsym": { - "Entropy": 4.38880926502971, - "Virtual Size": "0x9280" + ".reloc": { + "Entropy": 1.5709505944546687, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.839449556174616, + "Virtual Size": "0x92f08" + }, + "/16": { + "Entropy": 7.287209418645642, + "Virtual Size": "0x415" + }, + "/4": { + "Entropy": 5.2339069016332305, + "Virtual Size": "0xc9" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2017-08-11 20:20:00", - "ValidTo": "2018-08-11 20:20:00", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002530b3d3726ee3f72f000100000025", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "a5052527524f4998a7bd87f396196fe8", "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", 
"SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" - } + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -10996,7 +11240,9 @@ "FileVersion": "6.3.9600.18478 (winblue_ltsb.160920-0600)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "b93d4a486013424efe0fb34668b50b85", "MachineType": "I386", 
@@ -11014,67 +11260,67 @@ "SHA1": "71ff189bcbb7e43d0793a0efb827f7225fb122b0", "SHA256": "4f3e97e36ec05236dc378c544310a9685d57409b87020bee731d7ddbf90987c6", "Sections": { - ".text": { - "Entropy": 6.632108331411666, - "Virtual Size": "0x130264" - }, ".data": { "Entropy": 5.287095365347617, "Virtual Size": "0x5b510" }, + ".reloc": { + "Entropy": 6.7662012546004755, + "Virtual Size": "0x5d00" + }, ".rsrc": { "Entropy": 3.471496237401348, "Virtual Size": "0xfd10" }, - ".reloc": { - "Entropy": 6.7662012546004755, - "Virtual Size": "0x5d00" + ".text": { + "Entropy": 6.632108331411666, + "Virtual Size": "0x130264" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2015-08-18 17:15:28", - "ValidTo": "2016-11-18 17:15:28", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", "SHA1": "833498af9a41da339c83e0d384b521f72d053331", "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" - } + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": 
"61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -11128,7 +11374,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -11193,7 +11441,9 @@ "FileVersion": "6.3.9600.16384 (winblue_rtm.130821-1623)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "e7ae8ab50eae0f2730780d6e87a165cc", "MachineType": "I386", 
@@ -11211,83 +11461,83 @@ "SHA1": "339702656fbb6e001e9a283dbd54567323f0332f", "SHA256": "88582f3cae30afd77990944709ac4e272d68cdc009d9c3ff6f7c2e19e74f5975", "Sections": { + ".data": { + "Entropy": 5.3304508105703245, + "Virtual Size": "0x56510" + }, + ".rdata": { + "Entropy": 5.897305248359915, + "Virtual Size": "0x154c4" + }, + ".reloc": { + "Entropy": 5.536942764112647, + "Virtual Size": "0x7fe4" + }, + ".rsrc": { + "Entropy": 3.4708887278026244, + "Virtual Size": "0xfd10" + }, ".text": { "Entropy": 6.634660604406808, "Virtual Size": "0x11125e" }, - "PAGER32C": { - "Entropy": 6.5590017342718845, - "Virtual Size": "0x4795" - }, "PAGE": { "Entropy": 6.562392196399758, "Virtual Size": "0x1333" }, - ".rdata": { - "Entropy": 5.897305248359915, - "Virtual Size": "0x154c4" - }, - ".data": { - "Entropy": 5.3304508105703245, - "Virtual Size": "0x56510" + "PAGER32C": { + "Entropy": 6.5590017342718845, + "Virtual Size": "0x4795" }, "PAGER32R": { "Entropy": 7.124151697179559, "Virtual Size": "0x100" - }, - ".rsrc": { - "Entropy": 3.4708887278026244, - "Virtual Size": "0xfd10" - }, - ".reloc": { - "Entropy": 5.536942764112647, - "Virtual Size": "0x7fe4" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2013-06-17 21:43:38", - "ValidTo": "2014-09-17 21:43:38", - "Signature": "78269c4b43268afbc7329a21653fdf5427c51d156bd9b2be4fc3ce06c9fe486ad28fa1a55698acc8617733a5d9b68b3f69ab82d8d60857a0cf330434703b2af43b3058eec891f89515a9acf8c29aebdcabc8671630a1d22fa51720ab95393c388e3fbed2d42eca2bce4f3ac03be5be68ecfe7f44a6d3871782abd7cc3f8c22300536bd24a13934474bc0cfc2f1479991b991f328cb5a80d06c1046a9249b8dd8747b3c87e54946f28c0bdf14c042566264fbf9475859b221d0434603ab5f655551437be8eb21192f143d173b042f139ce553888cf0534f9d2f090c1edbf10def827a274afeeba10c2b4725b0628a2722d5f209be4f9e3d2d8104a896df82072d", - "SignatureAlgorithmOID": 
"1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002418fc0b689e7399d0000000000024", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "28b23b39f3bbd936a26a5b86451be0ac", "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" - } + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } 
@@ -11343,7 +11593,9 @@ "FileVersion": "6.2.9200.16420 (win8_gdr.120919-1813)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "dbed1f7ed9e19e53bfc7f43122ce3d83", "MachineType": "AMD64", @@ -11361,22 +11613,6 @@ "SHA1": "765ce680a932d9f36a6b09c2191c9e2cab1a89cd", "SHA256": "c6b0d030bb3e54294742b3914ae76c949e52a065abb28d08054fdf90d7eed628", "Sections": { - ".text": { - "Entropy": 6.484872015753315, - "Virtual Size": "0x109ee2" - }, - "PAGER32C": { - "Entropy": 6.353319232465821, - "Virtual Size": "0x3d48" - }, - "PAGE": { - "Entropy": 6.514825397638524, - "Virtual Size": "0x169e" - }, - ".rdata": { - "Entropy": 5.421235290994017, - "Virtual Size": "0x19b34" - }, ".data": { "Entropy": 4.628310210600715, "Virtual Size": "0x63cf0" 
@@ -11385,63 +11621,79 @@ "Entropy": 6.014681487785778, "Virtual Size": "0x8e8c" }, - "PAGER32R": { - "Entropy": 7.631412897966042, - "Virtual Size": "0x380" + ".rdata": { + "Entropy": 5.421235290994017, + "Virtual Size": "0x19b34" + }, + ".reloc": { + "Entropy": 2.70744089792279, + "Virtual Size": "0x1ab4" }, ".rsrc": { "Entropy": 3.4710594887067385, "Virtual Size": "0xfcf4" }, - ".reloc": { - "Entropy": 2.70744089792279, - "Virtual Size": "0x1ab4" + ".text": { + "Entropy": 6.484872015753315, + "Virtual Size": "0x109ee2" + }, + "PAGE": { + "Entropy": 6.514825397638524, + "Virtual Size": "0x169e" + }, + "PAGER32C": { + "Entropy": 6.353319232465821, + "Virtual Size": "0x3d48" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2012-04-09 20:55:50", - "ValidTo": "2013-07-09 20:55:50", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "610bbbd8000000000005", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "158438012e4dcd69b27b762c9358cfa2", "SHA1": "684ac167849404a4101f166b759f291a43d5f749", "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" - } + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": 
"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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "610bbbd8000000000005", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -11502,7 +11754,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -11565,7 +11819,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -11630,7 +11886,9 @@ "FileVersion": "6.3.9600.18067 (winblue_ltsb.150929-0600)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "aad10724a4a2b676a69459a61124efec", "MachineType": "AMD64", @@ -11648,10 +11906,6 @@ "SHA1": "e41e22000179036196670a70b71dc199f503f803", "SHA256": "25933d1597ead1c390abc59433aec7c8f955c588551024c88c6388afbc84ed40", "Sections": { - ".text": { - "Entropy": 6.489801499882737, - "Virtual Size": "0x169a84" - }, ".data": { "Entropy": 4.539922885880969, "Virtual Size": "0x6b290" 
@@ -11660,59 +11914,63 @@ "Entropy": 6.0876428216562735, "Virtual Size": "0xa518" }, + ".reloc": { + "Entropy": 5.3873912473580265, + "Virtual Size": "0x960" + }, ".rsrc": { "Entropy": 3.471196048302116, "Virtual Size": "0xfd10" }, - ".reloc": { - "Entropy": 5.3873912473580265, - "Virtual Size": "0x960" + ".text": { + "Entropy": 6.489801499882737, + "Virtual Size": "0x169a84" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2015-08-18 17:15:28", - "ValidTo": "2016-11-18 17:15:28", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", - "Version": 3, + "Signature": "60743a2c8b9d1d20759fd327472b3fb9c434cf9df5a4501199cafd1d0f6806659be78f5346fcdedead6c2615214f653b0306302508cc80e386fb54dc8d0b8c63131e54f259c4f8792335187e2d4f649a82490807f129590c1a5c76d8c56a12e51f4c9bb20f35bb27b3ddc0dfbd849e506ed390bef27d160c5fa33291231b73cffddf7bcc42948b509b88242d401ab88f4283997bb6707c2fd2facf67e2639b5b02da8975568de56dc96eee8061c69bc552d61a0fa49ea527563681fb35f68dde6eee372b99f69761de0eac9b72b1510f80e66f6560bf1d0669dcbdd915ffe13454502833fe26932c018ad8399ad2840a93b0c222b7900151dc9ddb4475e1d7b7", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", "SHA1": "833498af9a41da339c83e0d384b521f72d053331", "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" - } + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - 
"ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": 
"33000000bce120fdd27cc8ee930000000000bc", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -11768,7 +12026,9 @@ "FileVersion": "6.4.9840.0 (fbl_sec_oss3(dlinsley).140616-1123)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "ec46eab41a4c2ffd8c352d6e0dea430b", "MachineType": "AMD64", @@ -11786,10 +12046,6 @@ "SHA1": "5b65a8b1427f80e9c997bbad4e66dd36742314f7", "SHA256": "e0df7ce01e42a61228f4005fcdb9c42675ff7280a0be9ec1c32ad9d5e0493f10", "Sections": { - ".text": { - "Entropy": 6.474331847803071, - "Virtual Size": "0x171504" - }, ".data": { "Entropy": 4.473253546138282, "Virtual Size": "0x620c0" 
@@ -11798,59 +12054,63 @@ "Entropy": 6.082213472250921, "Virtual Size": "0xa7c4" }, + ".reloc": { + "Entropy": 5.415490038570185, + "Virtual Size": "0x99c" + }, ".rsrc": { "Entropy": 3.47008160921905, "Virtual Size": "0xfce8" }, - ".reloc": { - "Entropy": 5.415490038570185, - "Virtual Size": "0x99c" + ".text": { + "Entropy": 6.474331847803071, + "Virtual Size": "0x171504" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2014-07-01 20:32:01", - "ValidTo": "2015-10-01 20:32:01", - "Signature": "8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "9da610547a25cbe89af7ecdb99229623", "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" - } + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - 
"ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": 
"330000004ea1d80770a9bbe94400000000004e", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -11913,7 +12173,9 @@ "FileVersion": "", "Filename": "gcdx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "4a7dcdd069fcdf8d7319ea5e135403fb", "MachineType": "AMD64", @@ -11931,21 +12193,21 @@ "SHA1": "f48de3320923666bd1a9690f993a6d83ed420c24", "SHA256": "0ac2943abf5ef953b939247b74331fb2c437e405a81dd5569d9cff1d6183d53a", "Sections": { - ".text": { - "Entropy": 5.571601531682557, - "Virtual Size": "0xb000" - }, ".data": { "Entropy": 1.2839449201733235, "Virtual Size": "0xf000" }, - "mods": { - "Entropy": 4.3228367643315035, - "Virtual Size": "0x13e000" - }, ".reloc": { "Entropy": 5.904300253815697, "Virtual Size": "0x1000" + }, + ".text": { + "Entropy": 5.571601531682557, + "Virtual Size": "0xb000" + }, + "mods": { + "Entropy": 4.3228367643315035, + "Virtual Size": "0x13e000" } }, "Signature": "", @@ -12008,7 +12270,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "rhel-7.9-20200730-shim64-bit.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -12071,7 +12335,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -12141,7 +12407,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "rhel-8.3-shim-20200726-shimia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -12204,7 +12472,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -12276,7 +12546,9 @@ "FileVersion": "", "Filename": "shim-13-0ubuntu2/shim64-bit.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "a27c33dada320aff0672ce32f953ffbc", "MachineType": "AMD64", @@ -12294,41 +12566,41 @@ "SHA1": "412391ed50bdc33f24da222c7d79c00dcafbaddb", "SHA256": "9be93e365a8240a03b05db26684b708b46d7585be325a3e22170cd5b324e0cb0", "Sections": { - "/4": { - "Entropy": 4.859071012200417, - "Virtual Size": "0x18680" + ".data": { + "Entropy": 4.5618243060977575, + "Virtual Size": "0x2a688" }, - ".text": { - "Entropy": 5.636950908142091, - "Virtual Size": "0x94f6a" + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".dynsym": { + "Entropy": 3.212807020759649, + "Virtual Size": "0xedf0" + }, + ".rela": { + "Entropy": 2.6508835902550336, + "Virtual Size": "0x1ae80" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.636950908142091, + "Virtual Size": "0x94f6a" + }, "/14": { "Entropy": 5.317320051092131, "Virtual Size": "0xd2" }, - ".data": { - "Entropy": 4.5618243060977575, - "Virtual Size": "0x2a688" - }, "/26": { "Entropy": 7.322772708526002, "Virtual Size": "0x449" }, - ".dynamic": { - "Entropy": 0.8630797231656377, - "Virtual Size": "0x100" - }, - ".rela": { - "Entropy": 2.6508835902550336, - "Virtual Size": "0x1ae80" - }, - ".dynsym": { - "Entropy": 3.212807020759649, - "Virtual Size": "0xedf0" + "/4": { + "Entropy": 4.859071012200417, + "Virtual Size": "0x18680" } }, "Signature": "", @@ -12384,7 +12656,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -12454,7 +12728,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -12517,7 +12793,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -12587,7 +12865,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -12657,7 +12937,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -12729,7 +13011,9 @@ "FileVersion": "", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "c86257e19730c49e2abfbdf19e322c49", "MachineType": "AMD64", @@ -12747,18 +13031,6 @@ "SHA1": "6a9e3957a060061c09a674ed338df34af8f23540", "SHA256": "f88e92940985413acd440daa20c08df99c54613636826d9d95b898d39c44b19b", "Sections": { - "/4": { - "Entropy": 4.818597410150845, - "Virtual Size": "0x17158" - }, - ".text": { - "Entropy": 5.636154950062723, - "Virtual Size": "0xa8b3d" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.785189552901681, "Virtual Size": "0x30b48" 
@@ -12767,59 +13039,71 @@ "Entropy": 0.8341231672694769, "Virtual Size": "0xf0" }, + ".dynsym": { + "Entropy": 3.2123348112059116, + "Virtual Size": "0xf090" + }, ".rela": { "Entropy": 2.630441034461607, "Virtual Size": "0x2af48" }, - ".dynsym": { - "Entropy": 3.2123348112059116, - "Virtual Size": "0xf090" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.636154950062723, + "Virtual Size": "0xa8b3d" + }, + "/4": { + "Entropy": 4.818597410150845, + "Virtual Size": "0x17158" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2012-07-02 22:25:14", - "ValidTo": "2013-10-02 22:25:14", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "33000000081eb17e9c15fc837a000100000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "c5e24205d04c09c94d81b6935af7ec09", "SHA1": "12622dccb5b07edfd65cae6fc018e24b80ff2c82", "SHA256": "d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507" - } + }, + "ValidFrom": "2012-07-02 22:25:14", + "ValidTo": "2013-10-02 22:25:14", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + 
"Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "33000000081eb17e9c15fc837a000100000008", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -12882,7 +13166,9 @@ "FileVersion": "", "Filename": "shim-0.4-0ubuntu4/shim64-bit.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "8712d45e1ae024cb45067ad5918e12da", "MachineType": "AMD64", 
@@ -12900,37 +13186,37 @@ "SHA1": "a6aa33d40dacfcc964b01a5c18d26829d362fbce", "SHA256": "702a10fa1541869f455143ed00425e4e9b2d533c3b639259bde6aac97eca15ed", "Sections": { - "/4": { - "Entropy": 4.852971920873678, - "Virtual Size": "0x176f8" - }, - ".text": { - "Entropy": 5.634227672572103, - "Virtual Size": "0xa84d5" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.791429945661147, "Virtual Size": "0x30b48" }, - "/14": { - "Entropy": 7.33045778996378, - "Virtual Size": "0x441" - }, ".dynamic": { "Entropy": 0.8174565006028103, "Virtual Size": "0xf0" }, + ".dynsym": { + "Entropy": 3.2126934517254524, + "Virtual Size": "0xf120" + }, ".rela": { "Entropy": 2.627268789314352, "Virtual Size": "0x299a0" }, - ".dynsym": { - "Entropy": 3.2126934517254524, - "Virtual Size": "0xf120" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.634227672572103, + "Virtual Size": "0xa84d5" + }, + "/14": { + "Entropy": 7.33045778996378, + "Virtual Size": "0x441" + }, + "/4": { + "Entropy": 4.852971920873678, + "Virtual Size": "0x176f8" } }, "Signature": "", @@ -12993,7 +13279,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "Signed_13652009334930799/shimaa64.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit ARM", @@ -13056,7 +13344,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -13126,7 +13416,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -13191,7 +13483,9 @@ "FileVersion": "6.2.9200.20516 (win8_ldr.120913-1503)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "7f5843d48a960315b047e5231470e1b6", "MachineType": "I386", 
@@ -13209,83 +13503,83 @@ "SHA1": "a9f1a7c49b57694d6f44de42e7675ccf07e0a57e", "SHA256": "81199ecb7a384d04f4e0f5541af731ca6ab0a04f1e2d692b4c386e0f02f15009", "Sections": { + ".data": { + "Entropy": 5.32099548613425, + "Virtual Size": "0x54bf0" + }, + ".rdata": { + "Entropy": 5.359607054105938, + "Virtual Size": "0x122aa" + }, + ".reloc": { + "Entropy": 6.124599725636047, + "Virtual Size": "0x61b0" + }, + ".rsrc": { + "Entropy": 3.470952087691717, + "Virtual Size": "0xfcf4" + }, ".text": { "Entropy": 6.641518892559521, "Virtual Size": "0xdd286" }, - "PAGER32C": { - "Entropy": 6.572183780133045, - "Virtual Size": "0x4805" - }, "PAGE": { "Entropy": 6.502474956779901, "Virtual Size": "0x12ab" }, - ".rdata": { - "Entropy": 5.359607054105938, - "Virtual Size": "0x122aa" - }, - ".data": { - "Entropy": 5.32099548613425, - "Virtual Size": "0x54bf0" + "PAGER32C": { + "Entropy": 6.572183780133045, + "Virtual Size": "0x4805" }, "PAGER32R": { "Entropy": 7.631412897966042, "Virtual Size": "0x380" - }, - ".rsrc": { - "Entropy": 3.470952087691717, - "Virtual Size": "0xfcf4" - }, - ".reloc": { - "Entropy": 6.124599725636047, - "Virtual Size": "0x61b0" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2012-04-09 20:55:50", - "ValidTo": "2013-07-09 20:55:50", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "610bbbd8000000000005", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "158438012e4dcd69b27b762c9358cfa2", "SHA1": "684ac167849404a4101f166b759f291a43d5f749", "SHA256": 
"95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" - } + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "610bbbd8000000000005", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -13339,7 +13633,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -13411,7 +13707,9 @@ "FileVersion": "", "Filename": "", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "5917ac93685b816492c5476071db3871", "MachineType": "AMD64", 
@@ -13429,83 +13727,83 @@ "SHA1": "f039244623179184ac63f73797aee7f926f2132e", "SHA256": "6e79e3d0580d244c2fc2179a4f08cb80f945ad33d8c4c325de4e35e0d41584c5", "Sections": { - "/4": { - "Entropy": 4.796856025961145, - "Virtual Size": "0x13ab0" - }, - ".text": { - "Entropy": 5.612002982618474, - "Virtual Size": "0x87259" - }, - ".reloc": { - "Entropy": 1.3567796494470397, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.362375087615993, "Virtual Size": "0x24058" }, - "/14": { - "Entropy": 7.113430283211426, - "Virtual Size": "0x603" - }, ".dynamic": { "Entropy": 0.8424565006028102, "Virtual Size": "0xf0" }, + ".dynsym": { + "Entropy": 3.188660636162784, + "Virtual Size": "0xcc30" + }, ".rela": { "Entropy": 2.5870428023786656, "Virtual Size": "0x24ea0" }, - ".dynsym": { - "Entropy": 3.188660636162784, - "Virtual Size": "0xcc30" + ".reloc": { + "Entropy": 1.3567796494470397, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.612002982618474, + "Virtual Size": "0x87259" + }, + "/14": { + "Entropy": 7.113430283211426, + "Virtual Size": "0x603" + }, + "/4": { + "Entropy": 4.796856025961145, + "Virtual Size": "0x13ab0" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2015-10-28 20:43:37", - "ValidTo": "2017-01-28 20:43:37", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "3300000018e730837f472a7b5b000100000018", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "d442a6ab238e766c07d33f02d299a9a5", "SHA1": 
"3fb2a93548919ed386a441800a5d941ee358e38f", "SHA256": "8806fc9fc29ec30556728d016e0667364f4f3359b8747cbd45d5f783ffe93abb" - } + }, + "ValidFrom": "2015-10-28 20:43:37", + "ValidTo": "2017-01-28 20:43:37", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "3300000018e730837f472a7b5b000100000018", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000018e730837f472a7b5b000100000018", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -13566,7 +13864,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -13629,7 +13929,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", 
@@ -13692,7 +13994,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -13762,7 +14066,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -13825,7 +14131,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootx64.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -13890,7 +14198,9 @@ "FileVersion": "6.3.9600.20227 (winblue_ltsb.211204-1700)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "007e746f6aeff8bcb4479e6e49236260", "MachineType": "AMD64", @@ -13908,10 +14218,6 @@ "SHA1": "3971fa916c03c91a66e72c58ad766724b6a5c219", "SHA256": "62288f1f5f2f8529292eb45c2ae2a33d1057a3dec12164958e76ded36fbe712b", "Sections": { - ".text": { - "Entropy": 6.492974348184544, - "Virtual Size": "0x16d9e4" - }, ".data": { "Entropy": 5.416154317517693, "Virtual Size": "0x6c7f0" 
@@ -13920,59 +14226,63 @@ "Entropy": 6.082245001282489, "Virtual Size": "0xa704" }, + ".reloc": { + "Entropy": 5.406889572520271, + "Virtual Size": "0x994" + }, ".rsrc": { "Entropy": 3.4720882192142506, "Virtual Size": "0xfd30" }, - ".reloc": { - "Entropy": 5.406889572520271, - "Virtual Size": "0x994" + ".text": { + "Entropy": 6.492974348184544, + "Virtual Size": "0x16d9e4" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2021-09-02 18:23:41", - "ValidTo": "2022-09-01 18:23:41", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", - "Version": 3, + "Signature": "699045742c403812de1bdf9ea2be22132e82a7c006ab278e0c9f460bd435386348031a6b5cbdf450ae5a243331dcb2cc7eace8371cf71ec35a6f663147bd211ea357614e6a611eeacca6486a778d4cd788106ade12d6625574e7a89ecab4eb0bb99295c498dd5f565680a2d26bf2545e727c4204023c48d8021b608fd901c6fefd16ce0c3a669fb0ce758dc671f2cdd7434c163f9de9453e5523d94a78205c828a4615e50330d9f52a8a77f7683d2b61ff1324382d40d31001c518b56b286fbb8c754f6940590c2071385ed0a9387b529c06bf71fff89c74634550fc331b389d558696ace05787144e5af53d20a75a84981bf8380ddac3743f407d8ff27c089e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "46f57c3b860b08484cb79066ac1014ad", "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" - } + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - 
"ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -14028,7 +14338,9 @@ "FileVersion": "6.3.9600.17109 (winblue_gdr.140426-0111)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "86f6426a9b47dc73eb8c8bafbb46799f", "MachineType": "AMD64", @@ -14046,10 +14358,6 @@ "SHA1": "c730aa1c864f3b802de8d123b5b883dc9b2ce81b", "SHA256": "00550ccee4edfefd7b7fb54864d0aa5df059885e9e79ff80d4fb134b4487c05d", "Sections": { - ".text": { - "Entropy": 6.504411864376694, - "Virtual Size": "0x167854" - }, ".data": { "Entropy": 4.531675396212995, "Virtual Size": "0x6b2b0" 
@@ -14058,59 +14366,63 @@ "Entropy": 6.086465742838075, "Virtual Size": "0xa4a0" }, + ".reloc": { + "Entropy": 2.3314984387449065, + "Virtual Size": "0x2020" + }, ".rsrc": { "Entropy": 3.4710786971088847, "Virtual Size": "0xfd10" }, - ".reloc": { - "Entropy": 2.3314984387449065, - "Virtual Size": "0x2020" + ".text": { + "Entropy": 6.504411864376694, + "Virtual Size": "0x167854" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2013-06-17 21:43:38", - "ValidTo": "2014-09-17 21:43:38", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002418fc0b689e7399d0000000000024", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "28b23b39f3bbd936a26a5b86451be0ac", "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" - } + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft 
Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -14173,7 +14485,9 @@ "FileVersion": "", "Filename": "BOOTX64.EFI", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "6d83b980fd7541fbe793a891b95d5621", "MachineType": "AMD64", 
@@ -14191,87 +14505,87 @@ "SHA1": "224b166130e25c00ac9a6c33d7816acc6b98cde5", "SHA256": "d57f40a0e9018765cd79393a0d57d8e6d6d880d93b95fa57cedbda5a0b4a1ae3", "Sections": { - "/4": { - "Entropy": 4.837270867662857, - "Virtual Size": "0x1ebf8" + ".data": { + "Entropy": 4.419173693560442, + "Virtual Size": "0x2c518" }, - ".text": { - "Entropy": 5.61945309796477, - "Virtual Size": "0x9be5f" + ".dynamic": { + "Entropy": 0.7957307370557809, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2164293589099726, + "Virtual Size": "0x10230" + }, + ".rela": { + "Entropy": 2.655945791385897, + "Virtual Size": "0x1c548" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.61945309796477, + "Virtual Size": "0x9be5f" + }, "/14": { "Entropy": 5.255022427055196, "Virtual Size": "0xe4" }, - ".data": { - "Entropy": 4.419173693560442, - "Virtual Size": "0x2c518" - }, "/26": { "Entropy": 7.338341139988703, "Virtual Size": "0x3e2" }, - ".dynamic": { - "Entropy": 0.7957307370557809, - "Virtual Size": "0xf0" - }, - ".rela": { - "Entropy": 2.655945791385897, - "Virtual Size": "0x1c548" - }, - ".dynsym": { - "Entropy": 3.2164293589099726, - "Virtual Size": "0x10230" + "/4": { + "Entropy": 4.837270867662857, + "Virtual Size": "0x1ebf8" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2016-11-17 22:05:37", - "ValidTo": "2018-02-17 22:05:37", - "Signature": 
"0141873b6d85a37b5ac2a306448d73b6be76f7682ad14efef7ce4b377f0f7a5fbefd76377d59dc2caccd28d1be3eb180a8b66ab19a853bd14c7d5e955e8f07bc2ee0686ac3a2c9e997bd9f58de6dc9b93900c6b7824f64bf415ac51ebaa3dcfe8ad4fc2a41ad95b372c421c4f87835a59867c244e1c8df142abc4b23579f57431565eb8de6a7a0318b2fd17f93876a335c9450d2531f6a877baf43a569f83703a68e49987ca3c6dd42a595827f5be49151d3b79ea262e38ef5b37bda5b1be3462baa6ccb313193cdba21ea3cb1e9bbc751a769f354d63a0d1de3158c67d47b765b92d580ed5f1f1cdb5f61774c4b66c7deb15f4c71d605106064f33a17d31ca6", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000001e0d8474951a966ce400010000001e", - "Version": 3, + "Signature": "0141873b6d85a37b5ac2a306448d73b6be76f7682ad14efef7ce4b377f0f7a5fbefd76377d59dc2caccd28d1be3eb180a8b66ab19a853bd14c7d5e955e8f07bc2ee0686ac3a2c9e997bd9f58de6dc9b93900c6b7824f64bf415ac51ebaa3dcfe8ad4fc2a41ad95b372c421c4f87835a59867c244e1c8df142abc4b23579f57431565eb8de6a7a0318b2fd17f93876a335c9450d2531f6a877baf43a569f83703a68e49987ca3c6dd42a595827f5be49151d3b79ea262e38ef5b37bda5b1be3462baa6ccb313193cdba21ea3cb1e9bbc751a769f354d63a0d1de3158c67d47b765b92d580ed5f1f1cdb5f61774c4b66c7deb15f4c71d605106064f33a17d31ca6", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "b6f099bf203668f11a8f79ab08792ed8", "SHA1": "4713755a345940554eada6042e90b0151591fad6", "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" - } + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", 
"IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000001e0d8474951a966ce400010000001e", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -14325,7 +14639,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -14388,7 +14704,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -14458,7 +14776,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -14521,7 +14841,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -14584,7 +14906,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", 
@@ -14656,7 +14980,9 @@ "FileVersion": "", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "7661abbf92a68466a3562ec887365e6a", "MachineType": "AMD64", 
@@ -14674,83 +15000,83 @@ "SHA1": "ccdc96497a3d4cb4a616939fbf102e5faa787a9f", "SHA256": "4b2bd93b32de4be7235c95c97af98e12bed5f0602b7b428700f9a1348cb2f731", "Sections": { - "/4": { - "Entropy": 4.8333953377065395, - "Virtual Size": "0x18018" - }, - ".text": { - "Entropy": 5.6193950523430525, - "Virtual Size": "0x8effc" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.357579251117195, "Virtual Size": "0x28f78" }, - "/14": { - "Entropy": 7.407333327251879, - "Virtual Size": "0x371" - }, ".dynamic": { "Entropy": 0.8341231672694769, "Virtual Size": "0xf0" }, + ".dynsym": { + "Entropy": 3.207672075514832, + "Virtual Size": "0xea00" + }, ".rela": { "Entropy": 2.634187270160945, "Virtual Size": "0x1abc8" }, - ".dynsym": { - "Entropy": 3.207672075514832, - "Virtual Size": "0xea00" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.6193950523430525, + "Virtual Size": "0x8effc" + }, + "/14": { + "Entropy": 7.407333327251879, + "Virtual Size": "0x371" + }, + "/4": { + "Entropy": 4.8333953377065395, + "Virtual Size": "0x18018" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2015-10-28 20:43:37", - "ValidTo": "2017-01-28 20:43:37", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "3300000018e730837f472a7b5b000100000018", - "Version": 3, + "Signature": 
"71bbbe63866fd705b424a7ba51f23ca48a84197382972d3a8f43597f67928ed7263aa0a22681b89d851ddb655f9ccf932a92da0dc6c7f43eded65716ee65ed2739ef140bb95d987dcdc1b7ee9134abd02370e12c3eba71662f10e88370610acb6c98fff27c38b3b829333d75428e804aded09b3486717d41188f048902c169787bcf10996c7b66de4dfa5b8217bdb02314393db288a8dffb5b5b63a14d781ebf0efa5ac640585fdf6370bcb52870f92d67282231111211726c82c09a1a1a81043bba955b40bbc91c033272d987521e37d8aa1dd0fa54513c12acc0a1480801d2dfa5e438a71a0a30a684a39233224b9e71463db6b99a67073724a200425b42c6", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "d442a6ab238e766c07d33f02d299a9a5", "SHA1": "3fb2a93548919ed386a441800a5d941ee358e38f", "SHA256": "8806fc9fc29ec30556728d016e0667364f4f3359b8747cbd45d5f783ffe93abb" - } + }, + "ValidFrom": "2015-10-28 20:43:37", + "ValidTo": "2017-01-28 20:43:37", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "3300000018e730837f472a7b5b000100000018", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000018e730837f472a7b5b000100000018", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } 
@@ -14811,7 +15137,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "centos-7.9-shim-20200726-shimia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -14881,7 +15209,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -14951,7 +15281,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -15014,7 +15346,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -15077,7 +15411,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -15149,7 +15485,9 @@ "FileVersion": "", "Filename": "shim-0.8-0ubuntu2/shim64-bit.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "1feeb7cf14b7809b43c9044ff910afd2", "MachineType": "AMD64", 
@@ -15167,37 +15505,37 @@ "SHA1": "5a9676753387c0f2b6bf9bae87605b78667df8f1", "SHA256": "45ec69179be0f20088f10be909fc8b6104f85607db0a556482fee9384eb4d52b", "Sections": { - "/4": { - "Entropy": 4.8448409206206575, - "Virtual Size": "0x161e0" - }, - ".text": { - "Entropy": 5.587299575684047, - "Virtual Size": "0x9f5ec" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.508686595222319, "Virtual Size": "0x2d718" }, - "/14": { - "Entropy": 7.322772708526002, - "Virtual Size": "0x449" - }, ".dynamic": { "Entropy": 0.8424565006028102, "Virtual Size": "0xf0" }, + ".dynsym": { + "Entropy": 3.209835026586944, + "Virtual Size": "0xe538" + }, ".rela": { "Entropy": 2.603259641312489, "Virtual Size": "0x29598" }, - ".dynsym": { - "Entropy": 3.209835026586944, - "Virtual Size": "0xe538" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.587299575684047, + "Virtual Size": "0x9f5ec" + }, + "/14": { + "Entropy": 7.322772708526002, + "Virtual Size": "0x449" + }, + "/4": { + "Entropy": 4.8448409206206575, + "Virtual Size": "0x161e0" } }, "Signature": "", @@ -15262,7 +15600,9 @@ "FileVersion": "", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "a1a05331029aa3aa0fd396897cb46e8a", "MachineType": "AMD64", 
@@ -15280,83 +15620,83 @@ "SHA1": "5e8fe0458328bfeacd491e1c74857c526f444596", "SHA256": "0e5eb8d0bebf089a974bc0ca85d33d73f9a0bf72ed2a5e3a62a0387b51d509ce", "Sections": { - "/4": { - "Entropy": 4.837183147385955, - "Virtual Size": "0x161d8" - }, - ".text": { - "Entropy": 5.589380447571309, - "Virtual Size": "0x9f00b" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.598664200386453, "Virtual Size": "0x2c298" }, - "/14": { - "Entropy": 7.180357884758935, - "Virtual Size": "0x5ea" - }, ".dynamic": { "Entropy": 0.8424565006028102, "Virtual Size": "0xf0" }, + ".dynsym": { + "Entropy": 3.2043588757367574, + "Virtual Size": "0xe508" + }, ".rela": { "Entropy": 2.5990440989417416, "Virtual Size": "0x29598" }, - ".dynsym": { - "Entropy": 3.2043588757367574, - "Virtual Size": "0xe508" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.589380447571309, + "Virtual Size": "0x9f00b" + }, + "/14": { + "Entropy": 7.180357884758935, + "Virtual Size": "0x5ea" + }, + "/4": { + "Entropy": 4.837183147385955, + "Virtual Size": "0x161d8" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2013-09-24 17:54:03", - "ValidTo": "2014-12-24 17:54:03", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000000a6642f3f49fb7379600010000000a", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "c52110f552e27ebb1e3fae114abafb3f", "SHA1": 
"4954e087123653ce38da4cdd31141b6a1bb999e4", "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" - } + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000000a6642f3f49fb7379600010000000a", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -15412,7 +15752,9 @@ "FileVersion": "6.3.9600.16415 (winblue_gdr.130928-1658)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "cefe4b51ab58c74a20f0302fca66bd03", "MachineType": "THUMB", 
@@ -15430,10 +15772,6 @@ "SHA1": "e230f2632b21bdb523d214032f979104df1ee867", "SHA256": "88c2eac45b9480cc7e423558ba1b90097e8f12dbf98f4628c7a574c6371c6030", "Sections": { - ".text": { - "Entropy": 7.049152498387783, - "Virtual Size": "0x9b114" - }, ".data": { "Entropy": 6.106175836191492, "Virtual Size": "0x35cf0" 
@@ -15442,59 +15780,63 @@ "Entropy": 6.141258232502104, "Virtual Size": "0x5ab0" }, + ".reloc": { + "Entropy": 4.719816616755866, + "Virtual Size": "0x4020" + }, ".rsrc": { "Entropy": 3.471815692049393, "Virtual Size": "0xfce8" }, - ".reloc": { - "Entropy": 4.719816616755866, - "Virtual Size": "0x4020" + ".text": { + "Entropy": 7.049152498387783, + "Virtual Size": "0x9b114" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2013-04-10 20:41:53", - "ValidTo": "2014-07-10 20:41:53", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "2e3f888fadd3d8d498f3237752c18df9", "SHA1": "4f3c14facbfca2505dddb77d8b8bfe71abb1d2ed", "SHA256": "574085e964e5d1fc9d71150ef08a0e08779e1919f28d75a19dad15f69571c8f6" - } + }, + "ValidFrom": "2013-04-10 20:41:53", + "ValidTo": "2014-07-10 20:41:53", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows 
Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -15555,7 +15897,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -15627,7 +15971,9 @@ "FileVersion": "", "Filename": "BOOTIA32.EFI", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "7de3ac2823e2f7c241f2b181a8417647", "MachineType": "I386", 
@@ -15645,83 +15991,83 @@ "SHA1": "c3c4d0ccdc07c03c20f133f9f65f6f12accea87a", "SHA256": "c7d9dab91b726dea5abaa893d8f60bd4795f489894044dc56a9d3aad9cc49740", "Sections": { - ".text": { - "Entropy": 5.844138421048036, - "Virtual Size": "0x94d37" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, - "/4": { - "Entropy": 4.855334501626881, - "Virtual Size": "0x5c" - }, ".data": { "Entropy": 5.362038159088457, "Virtual Size": "0x229bc" }, - "/16": { - "Entropy": 7.340161985642677, - "Virtual Size": "0x3e1" - }, ".dynamic": { "Entropy": 1.3647139881914778, "Virtual Size": "0x78" }, + ".dynsym": { + "Entropy": 4.405087128822569, + "Virtual Size": "0x9370" + }, ".rel": { "Entropy": 3.534994670132211, "Virtual Size": "0x9048" }, - ".dynsym": { - "Entropy": 4.405087128822569, - "Virtual Size": "0x9370" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.844138421048036, + "Virtual Size": "0x94d37" + }, + "/16": { + "Entropy": 7.340161985642677, + "Virtual Size": "0x3e1" + }, + "/4": { + "Entropy": 4.855334501626881, + "Virtual Size": "0x5c" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2018-07-03 20:53:01", - "ValidTo": "2019-07-26 20:53:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002b4b79b3694d12118700010000002b", - "Version": 3, + "Signature": 
"54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "8d8a1f204c9c80213bd427fa58b387e2", "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" - } + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Issuer": 
"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -15777,7 +16123,9 @@ "FileVersion": "10.0.10010.0 (fbl_kpg_kernel.140630-1750)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "28196e29d41524919202b6bd1e38f35c", "MachineType": "AMD64", @@ -15795,10 +16143,6 @@ "SHA1": "ed2c4554266084506d2e514797b3dfc86a50118a", "SHA256": "f4c53c0b054413691ba25a2d162bcde9c9e35b5e706272f70bff96ed5c05a7b8", "Sections": { - ".text": { - "Entropy": 6.4887395472277625, - "Virtual Size": "0xec124" - }, ".data": { "Entropy": 4.34472616116653, "Virtual Size": "0x3b260" 
@@ -15807,59 +16151,63 @@ "Entropy": 6.025018814445507, "Virtual Size": "0x7d64" }, + ".reloc": { + "Entropy": 5.395165473860109, + "Virtual Size": "0x7fc" + }, ".rsrc": { "Entropy": 3.4599700329826906, "Virtual Size": "0xfc40" }, - ".reloc": { - "Entropy": 5.395165473860109, - "Virtual Size": "0x7fc" + ".text": { + "Entropy": 6.4887395472277625, + "Virtual Size": "0xec124" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2014-07-01 20:32:01", - "ValidTo": "2015-10-01 20:32:01", - "Signature": "8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", - "Version": 3, + "Signature": "8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
CN=Microsoft Windows", "TBS": { "MD5": "9da610547a25cbe89af7ecdb99229623", "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" - } + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": 
"002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -15920,7 +16268,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "rhel-7.9-20200909-shimia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -15990,7 +16340,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -16062,7 +16414,9 @@ "FileVersion": "", "Filename": "BOOTX64.EFI", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "53663cb5fea6bde711171523a2206e45", "MachineType": "AMD64", 
@@ -16080,87 +16434,87 @@ "SHA1": "b0adec5a51e018cc50ef0497126ef4a8d9fd037c", "SHA256": "899afe09e356003605b30dc209a5ba4ef6910baef23fac268bcac6db3cfee98d", "Sections": { - "/4": { - "Entropy": 4.837270867662857, - "Virtual Size": "0x1ebf8" + ".data": { + "Entropy": 4.41909152489649, + "Virtual Size": "0x2c518" }, - ".text": { - "Entropy": 5.619450573511709, - "Virtual Size": "0x9be5f" + ".dynamic": { + "Entropy": 0.7957307370557809, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2164267361361474, + "Virtual Size": "0x10230" + }, + ".rela": { + "Entropy": 2.6559476189231193, + "Virtual Size": "0x1c548" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.619450573511709, + "Virtual Size": "0x9be5f" + }, "/14": { "Entropy": 5.3247800569653165, "Virtual Size": "0xe5" }, - ".data": { - "Entropy": 4.41909152489649, - "Virtual Size": "0x2c518" - }, "/26": { "Entropy": 7.113430283211426, "Virtual Size": "0x603" }, - ".dynamic": { - "Entropy": 0.7957307370557809, - "Virtual Size": "0xf0" - }, - ".rela": { - "Entropy": 2.6559476189231193, - "Virtual Size": "0x1c548" - }, - ".dynsym": { - "Entropy": 3.2164267361361474, - "Virtual Size": "0x10230" + "/4": { + "Entropy": 4.837270867662857, + "Virtual Size": "0x1ebf8" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2016-11-17 22:05:37", - "ValidTo": "2018-02-17 22:05:37", - "Signature": 
"0141873b6d85a37b5ac2a306448d73b6be76f7682ad14efef7ce4b377f0f7a5fbefd76377d59dc2caccd28d1be3eb180a8b66ab19a853bd14c7d5e955e8f07bc2ee0686ac3a2c9e997bd9f58de6dc9b93900c6b7824f64bf415ac51ebaa3dcfe8ad4fc2a41ad95b372c421c4f87835a59867c244e1c8df142abc4b23579f57431565eb8de6a7a0318b2fd17f93876a335c9450d2531f6a877baf43a569f83703a68e49987ca3c6dd42a595827f5be49151d3b79ea262e38ef5b37bda5b1be3462baa6ccb313193cdba21ea3cb1e9bbc751a769f354d63a0d1de3158c67d47b765b92d580ed5f1f1cdb5f61774c4b66c7deb15f4c71d605106064f33a17d31ca6", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000001e0d8474951a966ce400010000001e", - "Version": 3, + "Signature": "0141873b6d85a37b5ac2a306448d73b6be76f7682ad14efef7ce4b377f0f7a5fbefd76377d59dc2caccd28d1be3eb180a8b66ab19a853bd14c7d5e955e8f07bc2ee0686ac3a2c9e997bd9f58de6dc9b93900c6b7824f64bf415ac51ebaa3dcfe8ad4fc2a41ad95b372c421c4f87835a59867c244e1c8df142abc4b23579f57431565eb8de6a7a0318b2fd17f93876a335c9450d2531f6a877baf43a569f83703a68e49987ca3c6dd42a595827f5be49151d3b79ea262e38ef5b37bda5b1be3462baa6ccb313193cdba21ea3cb1e9bbc751a769f354d63a0d1de3158c67d47b765b92d580ed5f1f1cdb5f61774c4b66c7deb15f4c71d605106064f33a17d31ca6", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "b6f099bf203668f11a8f79ab08792ed8", "SHA1": "4713755a345940554eada6042e90b0151591fad6", "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" - } + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", 
"IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000001e0d8474951a966ce400010000001e", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -16221,7 +16575,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -16286,7 +16642,9 @@ "FileVersion": "6.2.9200.22004 (win8_ldr.161005-0600)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "7f0de7a661590f1c33de0b80676e8827", "MachineType": "AMD64", @@ -16304,22 +16662,6 @@ "SHA1": "003454b835a5ee7ee200f9cb4e68b071e2b8e69b", "SHA256": "d1af02fca7522c8d27e053544b3b653ff2daffcae9c420e460235dacab53f7cd", "Sections": { - ".text": { - "Entropy": 6.481657238537085, - "Virtual Size": "0x10a5e2" - }, - "PAGER32C": { - "Entropy": 6.357861791329596, - "Virtual Size": "0x3d48" - }, - "PAGE": { - "Entropy": 6.514627558721207, - "Virtual Size": "0x169e" - }, - ".rdata": { - "Entropy": 5.427514584005019, - "Virtual Size": "0x19b14" - }, ".data": { "Entropy": 5.464601076751779, "Virtual Size": "0x65010" 
@@ -16328,63 +16670,79 @@ "Entropy": 6.017575781905406, "Virtual Size": "0x8eb0" }, - "PAGER32R": { - "Entropy": 7.631412897966042, - "Virtual Size": "0x380" + ".rdata": { + "Entropy": 5.427514584005019, + "Virtual Size": "0x19b14" + }, + ".reloc": { + "Entropy": 2.715757042100683, + "Virtual Size": "0x1ad6" }, ".rsrc": { "Entropy": 3.47211306543629, "Virtual Size": "0xfd14" }, - ".reloc": { - "Entropy": 2.715757042100683, - "Virtual Size": "0x1ad6" + ".text": { + "Entropy": 6.481657238537085, + "Virtual Size": "0x10a5e2" + }, + "PAGE": { + "Entropy": 6.514627558721207, + "Virtual Size": "0x169e" + }, + "PAGER32C": { + "Entropy": 6.357861791329596, + "Virtual Size": "0x3d48" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2015-08-18 17:15:28", - "ValidTo": "2016-11-18 17:15:28", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", "SHA1": "833498af9a41da339c83e0d384b521f72d053331", "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" - } + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": 
"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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -16440,7 +16798,9 @@ "FileVersion": "6.3.9600.17109 (winblue_gdr.140426-0111)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "cd78242cb85f016a3ea62002c8f07c0d", "MachineType": "I386", 
@@ -16458,67 +16818,67 @@ "SHA1": "1df5dc38345eee82fcb606f8c5140c619f187946", "SHA256": "4628ec2698cfbca38d3bb4872df8e65a370ed4591e3fbd613a28b394942b8976", "Sections": { - ".text": { - "Entropy": 6.644731222099491, - "Virtual Size": "0x12da04" - }, ".data": { "Entropy": 5.269345781205062, "Virtual Size": "0x5b510" }, + ".reloc": { + "Entropy": 5.543449582817808, + "Virtual Size": "0x7fba" + }, ".rsrc": { "Entropy": 3.4713678198457463, "Virtual Size": "0xfd10" }, - ".reloc": { - "Entropy": 5.543449582817808, - "Virtual Size": "0x7fba" + ".text": { + "Entropy": 6.644731222099491, + "Virtual Size": "0x12da04" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2013-06-17 21:43:38", - "ValidTo": "2014-09-17 21:43:38", - "Signature": "78269c4b43268afbc7329a21653fdf5427c51d156bd9b2be4fc3ce06c9fe486ad28fa1a55698acc8617733a5d9b68b3f69ab82d8d60857a0cf330434703b2af43b3058eec891f89515a9acf8c29aebdcabc8671630a1d22fa51720ab95393c388e3fbed2d42eca2bce4f3ac03be5be68ecfe7f44a6d3871782abd7cc3f8c22300536bd24a13934474bc0cfc2f1479991b991f328cb5a80d06c1046a9249b8dd8747b3c87e54946f28c0bdf14c042566264fbf9475859b221d0434603ab5f655551437be8eb21192f143d173b042f139ce553888cf0534f9d2f090c1edbf10def827a274afeeba10c2b4725b0628a2722d5f209be4f9e3d2d8104a896df82072d", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002418fc0b689e7399d0000000000024", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "28b23b39f3bbd936a26a5b86451be0ac", "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" - } + }, + 
"ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + 
"CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -16572,7 +16932,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -16642,7 +17004,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -16705,7 +17069,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -16775,7 +17141,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -16838,7 +17206,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -16903,7 +17273,9 @@ "FileVersion": "6.3.9600.17211 (winblue_gdr.140613-1709)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "bad97e7203aec2bd026403a7f70688b9", "MachineType": "AMD64", @@ -16921,10 +17293,6 @@ "SHA1": "cd3f23904459410ad9f11b26faff47ac28fa5f04", "SHA256": "df216fa3f13f8f7472c9586da4d0a7cd11cd60a041f486a611a4667f1c3d2cc6", "Sections": { - ".text": { - "Entropy": 6.50474071717545, - "Virtual Size": "0x167954" - }, ".data": { "Entropy": 4.530096794223056, "Virtual Size": "0x6b290" 
@@ -16933,59 +17301,63 @@ "Entropy": 6.107728899214702, "Virtual Size": "0xa4a0" }, + ".reloc": { + "Entropy": 2.329099853080047, + "Virtual Size": "0x2020" + }, ".rsrc": { "Entropy": 3.4710227926789994, "Virtual Size": "0xfd10" }, - ".reloc": { - "Entropy": 2.329099853080047, - "Virtual Size": "0x2020" + ".text": { + "Entropy": 6.50474071717545, + "Virtual Size": "0x167954" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2013-06-17 21:43:38", - "ValidTo": "2014-09-17 21:43:38", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002418fc0b689e7399d0000000000024", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "28b23b39f3bbd936a26a5b86451be0ac", "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" - } + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft 
Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -17046,7 +17418,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "shim64-bit.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -17116,7 +17490,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -17186,7 +17562,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "shimaa64.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit ARM", @@ -17249,7 +17627,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -17319,7 +17699,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -17384,7 +17766,9 @@ "FileVersion": "6.2.9200.16418 (win8_gdr.120917-1921)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "087617bd4578c903f0a66bd157217f0f", "MachineType": "AMD64", 
@@ -17402,22 +17786,6 @@ "SHA1": "1128abbba4480920fc7a0a772239cd1d132a1910", "SHA256": "b65fe0af8297168749dc235340cba7c08cf6b956fdd25fc2c9f16d20da536713", "Sections": { - ".text": { - "Entropy": 6.484872015753315, - "Virtual Size": "0x109ee2" - }, - "PAGER32C": { - "Entropy": 6.353319232465821, - "Virtual Size": "0x3d48" - }, - "PAGE": { - "Entropy": 6.514825397638524, - "Virtual Size": "0x169e" - }, - ".rdata": { - "Entropy": 5.421083425321203, - "Virtual Size": "0x19b34" - }, ".data": { "Entropy": 4.628310210600715, "Virtual Size": "0x63cf0" 
@@ -17426,63 +17794,79 @@ "Entropy": 6.014681487785778, "Virtual Size": "0x8e8c" }, - "PAGER32R": { - "Entropy": 7.631412897966042, - "Virtual Size": "0x380" + ".rdata": { + "Entropy": 5.421083425321203, + "Virtual Size": "0x19b34" + }, + ".reloc": { + "Entropy": 2.70744089792279, + "Virtual Size": "0x1ab4" }, ".rsrc": { "Entropy": 3.4707832631070623, "Virtual Size": "0xfcf4" }, - ".reloc": { - "Entropy": 2.70744089792279, - "Virtual Size": "0x1ab4" + ".text": { + "Entropy": 6.484872015753315, + "Virtual Size": "0x109ee2" + }, + "PAGE": { + "Entropy": 6.514825397638524, + "Virtual Size": "0x169e" + }, + "PAGER32C": { + "Entropy": 6.353319232465821, + "Virtual Size": "0x3d48" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2012-04-09 20:55:50", - "ValidTo": "2013-07-09 20:55:50", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "610bbbd8000000000005", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "158438012e4dcd69b27b762c9358cfa2", "SHA1": "684ac167849404a4101f166b759f291a43d5f749", "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" - } + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "610bbbd8000000000005", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } 
@@ -17543,7 +17927,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "cent-7.9-20200730-shim64-bit.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -17606,7 +17992,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -17678,7 +18066,9 @@ "FileVersion": "", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "89805fbe6421f1d03023514f8fd7215d", "MachineType": "AMD64", 
@@ -17696,87 +18086,87 @@ "SHA1": "f41fb5b7aaf48c05faed3e6622d2e2e70c95d2b7", "SHA256": "561d28e0888cdb0a8fce41754742aa8eb1bf5c8dd4eacbf9af0f40e0d36013c2", "Sections": { - "/4": { - "Entropy": 4.861285118776935, - "Virtual Size": "0x18780" + ".data": { + "Entropy": 4.469891621916525, + "Virtual Size": "0x29c18" }, - ".text": { - "Entropy": 5.6413160957491595, - "Virtual Size": "0x95a7e" + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".dynsym": { + "Entropy": 3.209809899920352, + "Virtual Size": "0xdd10" + }, + ".rela": { + "Entropy": 2.6482475445299474, + "Virtual Size": "0x1b0d8" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.6413160957491595, + "Virtual Size": "0x95a7e" + }, "/14": { "Entropy": 4.946577948119573, "Virtual Size": "0x62" }, - ".data": { - "Entropy": 4.469891621916525, - "Virtual Size": "0x29c18" - }, "/26": { "Entropy": 7.335685443962851, "Virtual Size": "0x3e6" }, - ".dynamic": { - "Entropy": 0.8630797231656377, - "Virtual Size": "0x100" - }, - ".rela": { - "Entropy": 2.6482475445299474, - "Virtual Size": "0x1b0d8" - }, - ".dynsym": { - "Entropy": 3.209809899920352, - "Virtual Size": "0xdd10" + "/4": { + "Entropy": 4.861285118776935, + "Virtual Size": "0x18780" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2017-08-11 20:20:00", - "ValidTo": "2018-08-11 20:20:00", - "Signature": 
"6650dd7878bef0a62b1d76ba8fa57b6193d9938ddd1975f32a880d6e9363ba516b00907d455d1089cf79e3045a976a794db027534a761a840a29d09dccb3b5978fdb1d27d6be2831b0af31b64c25d3e195056b68a403e961d61c38339c4bfbb4c16102a4b417f52b75f4d6539626736df3e9e7d689e59333e7686df72c6ac70548eb3e6f0913de69895041529dba440132da3699ee3d3ccd6c0cb1ca11d206a157a9e3504c57aea164e700dec89ccb81194b012f697127dcd1cc7dc08ccf9f92014b2a0814fdc2a010b7a7243456e15af7e812bef07b28aebcb29f0f20f5c1900827f32aaf4fef92601853403e718db111c7c35da77eea96c4deb6f903e94543", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002530b3d3726ee3f72f000100000025", - "Version": 3, + "Signature": "6650dd7878bef0a62b1d76ba8fa57b6193d9938ddd1975f32a880d6e9363ba516b00907d455d1089cf79e3045a976a794db027534a761a840a29d09dccb3b5978fdb1d27d6be2831b0af31b64c25d3e195056b68a403e961d61c38339c4bfbb4c16102a4b417f52b75f4d6539626736df3e9e7d689e59333e7686df72c6ac70548eb3e6f0913de69895041529dba440132da3699ee3d3ccd6c0cb1ca11d206a157a9e3504c57aea164e700dec89ccb81194b012f697127dcd1cc7dc08ccf9f92014b2a0814fdc2a010b7a7243456e15af7e812bef07b28aebcb29f0f20f5c1900827f32aaf4fef92601853403e718db111c7c35da77eea96c4deb6f903e94543", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "a5052527524f4998a7bd87f396196fe8", "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" - } + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, 
"SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -17830,7 +18220,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -17900,7 +18292,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "rhel-7.9-20200730-shimia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -17972,7 +18366,9 @@ "FileVersion": "", "Filename": "BOOTIA32.EFI", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "69b63c494c676d3a1013a775b18568e8", "MachineType": "I386", 
@@ -17990,83 +18386,83 @@ "SHA1": "09c724498ed275fb4a76f04700f5b2d39413405f", "SHA256": "953a7719b50073e701730fcff79b2fee7054c72c54d1f0b0f2571d3ce7fdb925", "Sections": { - ".text": { - "Entropy": 5.791450448387524, - "Virtual Size": "0x9a39a" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, - "/4": { - "Entropy": 5.2274469074374705, - "Virtual Size": "0xde" - }, ".data": { "Entropy": 5.297966843937964, "Virtual Size": "0x22bbc" }, - "/16": { - "Entropy": 7.338341139988703, - "Virtual Size": "0x3e2" - }, ".dynamic": { "Entropy": 1.3813806548581444, "Virtual Size": "0x78" }, + ".dynsym": { + "Entropy": 4.40137747298349, + "Virtual Size": "0xac10" + }, ".rel": { "Entropy": 3.630273097903543, "Virtual Size": "0x9720" }, - ".dynsym": { - "Entropy": 4.40137747298349, - "Virtual Size": "0xac10" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.791450448387524, + "Virtual Size": "0x9a39a" + }, + "/16": { + "Entropy": 7.338341139988703, + "Virtual Size": "0x3e2" + }, + "/4": { + "Entropy": 5.2274469074374705, + "Virtual Size": "0xde" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2016-11-17 22:05:37", - "ValidTo": "2018-02-17 22:05:37", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000001e0d8474951a966ce400010000001e", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "b6f099bf203668f11a8f79ab08792ed8", "SHA1": 
"4713755a345940554eada6042e90b0151591fad6", "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" - } + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000001e0d8474951a966ce400010000001e", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -18120,7 +18516,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -18183,7 +18581,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", 
@@ -18255,7 +18655,9 @@ "FileVersion": "", "Filename": "Signed_14173467011297444/shim64-bit.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "8273287f52ffff4624121d2926ef9df4", "MachineType": "AMD64", 
@@ -18273,87 +18675,87 @@ "SHA1": "69b368ef62566f9b06db68ab91c736f98d0749b9", "SHA256": "599a102b6445fa88392b8c85a31d80ece950624219d846affbfb7131d4bf550b", "Sections": { - "/4": { - "Entropy": 4.853329182162778, - "Virtual Size": "0x1f020" + ".data": { + "Entropy": 4.405783332258001, + "Virtual Size": "0x2d1f8" }, - ".text": { - "Entropy": 5.634218168833761, - "Virtual Size": "0x9ff35" + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".dynsym": { + "Entropy": 3.211174101144175, + "Virtual Size": "0xf2d0" + }, + ".rela": { + "Entropy": 2.6583278822249916, + "Virtual Size": "0x1c6c8" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.634218168833761, + "Virtual Size": "0x9ff35" + }, "/14": { "Entropy": 5.064013199597692, "Virtual Size": "0x69" }, - ".data": { - "Entropy": 4.405783332258001, - "Virtual Size": "0x2d1f8" - }, "/26": { "Entropy": 7.435250663075391, "Virtual Size": "0x57a" }, - ".dynamic": { - "Entropy": 0.8630797231656377, - "Virtual Size": "0x100" - }, - ".rela": { - "Entropy": 2.6583278822249916, - "Virtual Size": "0x1c6c8" - }, - ".dynsym": { - "Entropy": 3.211174101144175, - "Virtual Size": "0xf2d0" + "/4": { + "Entropy": 4.853329182162778, + "Virtual Size": "0x1f020" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2018-07-03 20:53:01", - "ValidTo": "2019-07-26 20:53:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002b4b79b3694d12118700010000002b", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft 
Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "8d8a1f204c9c80213bd427fa58b387e2", "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" - } + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", 
"SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -18407,7 +18809,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -18479,7 +18883,9 @@ "FileVersion": "", "Filename": "BOOTX64.EFI", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "f2c580ccd60898d4aa2676249d67c171", "MachineType": "AMD64", 
@@ -18497,87 +18903,87 @@ "SHA1": "85fa4266743ebb0262b8c1da8b01d1f26e630404", "SHA256": "e6cb6a3dcbd85954e5123759461198af67658aa425a6186ffc9b57b772f9158f", "Sections": { - "/4": { - "Entropy": 4.853871352073291, - "Virtual Size": "0x186d0" + ".data": { + "Entropy": 4.537670509902523, + "Virtual Size": "0x2ba18" }, - ".text": { - "Entropy": 5.64531153004446, - "Virtual Size": "0x975ee" + ".dynamic": { + "Entropy": 0.8226444693437958, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.206001279398792, + "Virtual Size": "0xdd28" + }, + ".rela": { + "Entropy": 2.6486948946395157, + "Virtual Size": "0x1b0d8" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.64531153004446, + "Virtual Size": "0x975ee" + }, "/14": { "Entropy": 4.946577948119573, "Virtual Size": "0x62" }, - ".data": { - "Entropy": 4.537670509902523, - "Virtual Size": "0x2ba18" - }, "/26": { "Entropy": 7.133596117970691, "Virtual Size": "0x4ac" }, - ".dynamic": { - "Entropy": 0.8226444693437958, - "Virtual Size": "0xf0" - }, - ".rela": { - "Entropy": 2.6486948946395157, - "Virtual Size": "0x1b0d8" - }, - ".dynsym": { - "Entropy": 3.206001279398792, - "Virtual Size": "0xdd28" + "/4": { + "Entropy": 4.853871352073291, + "Virtual Size": "0x186d0" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2017-08-11 20:20:00", - "ValidTo": "2018-08-11 20:20:00", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002530b3d3726ee3f72f000100000025", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft 
Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "a5052527524f4998a7bd87f396196fe8", "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" - } + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -18631,7 +19037,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", 
@@ -18696,7 +19104,9 @@ "FileVersion": "6.3.9600.17031 (winblue_gdr.140221-1952)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "f66d8bc26d38b7faaa1fbd4c4fdda3ff", "MachineType": "I386", 
@@ -18714,67 +19124,67 @@ "SHA1": "7098af963c0223858f2fa56cc226ee27048f35d3", "SHA256": "e443176d6a0621e65cadde51f4019ec7fb25e91fa87cbb6cbaf09d94e9e49918", "Sections": { - ".text": { - "Entropy": 6.644560099017493, - "Virtual Size": "0x12d8f4" - }, ".data": { "Entropy": 5.271385172760688, "Virtual Size": "0x5b510" }, + ".reloc": { + "Entropy": 5.537342833364972, + "Virtual Size": "0x7fb8" + }, ".rsrc": { "Entropy": 3.471468768902206, "Virtual Size": "0xfd10" }, - ".reloc": { - "Entropy": 5.537342833364972, - "Virtual Size": "0x7fb8" + ".text": { + "Entropy": 6.644560099017493, + "Virtual Size": "0x12d8f4" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2013-06-17 21:43:38", - "ValidTo": "2014-09-17 21:43:38", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002418fc0b689e7399d0000000000024", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "28b23b39f3bbd936a26a5b86451be0ac", "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" - } + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": 
"61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -18835,7 +19245,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -18907,7 +19319,9 @@ "FileVersion": "", "Filename": "BOOTX64.EFI", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "d0be4e86a7eaa87c849e3e137c3471dd", "MachineType": "AMD64", 
@@ -18925,83 +19339,83 @@ "SHA1": "1ed0450060202cea44d69a503da1b33004a963dc", "SHA256": "df4e1cf6eaf602f99849ddb6802bd91fb13cd5c3f9fb420250d8a3d750642efa", "Sections": { - "/4": { - "Entropy": 4.8404117804324684, - "Virtual Size": "0x16238" - }, - ".text": { - "Entropy": 5.592324512235591, - "Virtual Size": "0x9f80e" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.599000636926533, "Virtual Size": "0x2c458" }, - "/14": { - "Entropy": 7.338341139988703, - "Virtual Size": "0x3e2" - }, ".dynamic": { "Entropy": 0.8424565006028102, "Virtual Size": "0xf0" }, + ".dynsym": { + "Entropy": 3.2071099501580793, + "Virtual Size": "0xe508" + }, ".rela": { "Entropy": 2.6016627065866507, "Virtual Size": "0x29598" }, - ".dynsym": { - "Entropy": 3.2071099501580793, - "Virtual Size": "0xe508" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.592324512235591, + "Virtual Size": "0x9f80e" + }, + "/14": { + "Entropy": 7.338341139988703, + "Virtual Size": "0x3e2" + }, + "/4": { + "Entropy": 4.8404117804324684, + "Virtual Size": "0x16238" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2014-10-01 18:02:10", - "ValidTo": "2016-01-01 18:02:10", - "Signature": "2b1b08b20674b8acbad524875a42f0b4d4ba6df424b9adb1e83c9309e657fe499f386cdf93a4f71393ab57da5eee4e346ebccdf9a7e990b44a76433af4071e90ee0e0fc8744003f9afe6bdda1cbd132fef8235d39c932bb9960f52bbea2062ed773a52beef26b333f603d8e9a0a9652c222a013cb1bd44bb5dc96c1a4135284c91784f0d66a2d7d97c59e26fd19d645e730b656d56e7a8166f228a751a745c4491f1865c8d5a4b1bf61fd4a564811e32699deff03a3328829cd888ae53fccb0819957ee499a2ad79d1c1d73ef7324562bee86575193983b41f66c12c95eb5d171df5c4beda799c4fb314e8e27bc47b195e1c8a2cd2d3bfbb29c8264ebddf95da", - 
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "3300000010a4912943d94ce62e000100000010", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "61509fd4e01160eb7d8007dc182bee5b", "SHA1": "febd34ec96d90e498d9b6fa54d7fab80ce1464d3", "SHA256": "7d79e52d96bc7c571299d90c3bc4bff9d08e36eb74b7e8b0cd69114980737953" - } + }, + "ValidFrom": "2014-10-01 18:02:10", + "ValidTo": "2016-01-01 18:02:10", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "3300000010a4912943d94ce62e000100000010", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000010a4912943d94ce62e000100000010", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } 
@@ -19055,7 +19469,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -19125,7 +19541,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -19195,7 +19613,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -19258,7 +19678,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -19328,7 +19750,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "rhel-7.9-20200909-shim64-bit.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -19398,7 +19822,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -19461,7 +19887,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -19524,7 +19952,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -19594,7 +20024,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "rhel-8.3-20200730-shim64-bit.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -19659,7 +20091,9 @@ "FileVersion": "10.0.10121.0 (fbl_sec_oss3.140523-1156)", "Filename": "bootia32.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "45a7c3cf799b58b886c0b4c7f6f71d32", "MachineType": "I386", 
@@ -19677,79 +20111,79 @@ "SHA1": "52cad42539bc3f27a103e4a9bc0fd51a1b51a265", "SHA256": "55a5bb13e3a985e0ab011e69b41704319de0843f9254cf91ed2964c13af345fe", "Sections": { - ".text": { - "Entropy": 6.707639927172937, - "Virtual Size": "0xbf6e0" - }, - "PAGER32C": { - "Entropy": 5.781085769559349, - "Virtual Size": "0x1eaf" - }, - "PAGE": { - "Entropy": 6.553305479665424, - "Virtual Size": "0x13bf" + ".data": { + "Entropy": 4.443254562769542, + "Virtual Size": "0x37f90" }, ".rdata": { "Entropy": 5.278688704736593, "Virtual Size": "0x12934" }, - ".data": { - "Entropy": 4.443254562769542, - "Virtual Size": "0x37f90" + ".reloc": { + "Entropy": 6.780898828243956, + "Virtual Size": "0x60f4" }, ".rsrc": { "Entropy": 3.469109462754718, "Virtual Size": "0xfe50" }, - ".reloc": { - "Entropy": 6.780898828243956, - "Virtual Size": "0x60f4" + ".text": { + "Entropy": 6.707639927172937, + "Virtual Size": "0xbf6e0" + }, + "PAGE": { + "Entropy": 6.553305479665424, + "Virtual Size": "0x13bf" + }, + "PAGER32C": { + "Entropy": 5.781085769559349, + "Virtual Size": "0x1eaf" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2014-07-01 20:32:01", - "ValidTo": "2015-10-01 20:32:01", - "Signature": "8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": 
"330000004ea1d80770a9bbe94400000000004e", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "9da610547a25cbe89af7ecdb99229623", "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" - } + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e
", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -19810,7 +20244,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -19873,7 +20309,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -19936,7 +20374,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -19999,7 +20439,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -20062,7 +20504,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit ARM", @@ -20125,7 +20569,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", 
@@ -20188,7 +20634,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -20251,7 +20699,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -20316,7 +20766,9 @@ "FileVersion": "6.3.9600.17031 (winblue_gdr.140221-1952)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "6514d19c16df6d0d9cf75bba91350dcc", "MachineType": "AMD64", @@ -20334,10 +20786,6 @@ "SHA1": "c3f69560b62f619f851df687c0adb2fa35cc0160", "SHA256": "3bc9ed257486b68fac5899eaa19732a1340d06c8baf4b0ff53c7f5c052e6470f", "Sections": { - ".text": { - "Entropy": 6.505313659869744, - "Virtual Size": "0x167784" - }, ".data": { "Entropy": 4.530485730893638, "Virtual Size": "0x6b2b0" 
@@ -20346,59 +20794,63 @@ "Entropy": 6.106107637688331, "Virtual Size": "0xa494" }, + ".reloc": { + "Entropy": 2.3270407806858406, + "Virtual Size": "0x2020" + }, ".rsrc": { "Entropy": 3.471177246677347, "Virtual Size": "0xfd10" }, - ".reloc": { - "Entropy": 2.3270407806858406, - "Virtual Size": "0x2020" + ".text": { + "Entropy": 6.505313659869744, + "Virtual Size": "0x167784" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2013-06-17 21:43:38", - "ValidTo": "2014-09-17 21:43:38", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002418fc0b689e7399d0000000000024", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "28b23b39f3bbd936a26a5b86451be0ac", "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" - } + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Version": 1 } - ] + ], + 
"SignerInfo": "" } ] } @@ -20452,7 +20904,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "shim.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -20517,7 +20971,9 @@ "FileVersion": "6.3.9600.20366 (winblue_ltsb_escrow.220411-1722)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "3aaa631aa80579a7ec4606f002de3436", "MachineType": "AMD64", @@ -20535,10 +20991,6 @@ "SHA1": "293ba261a22d2b62ac580140be62676856d48527", "SHA256": "d038eec123e1e13ab3ad27534de697c9779e9c27c62575f06771f80d3cbb7148", "Sections": { - ".text": { - "Entropy": 6.492763350625338, - "Virtual Size": "0x16dae4" - }, ".data": { "Entropy": 5.414272117838945, "Virtual Size": "0x6c7f0" 
@@ -20547,59 +20999,63 @@ "Entropy": 6.090094273963687, "Virtual Size": "0xa710" }, + ".reloc": { + "Entropy": 5.4026611513435014, + "Virtual Size": "0x98c" + }, ".rsrc": { "Entropy": 3.4723693660714603, "Virtual Size": "0xfd40" }, - ".reloc": { - "Entropy": 5.4026611513435014, - "Virtual Size": "0x98c" + ".text": { + "Entropy": 6.492763350625338, + "Virtual Size": "0x16dae4" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2021-09-02 18:23:41", - "ValidTo": "2022-09-01 18:23:41", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", - "Version": 3, + "Signature": "699045742c403812de1bdf9ea2be22132e82a7c006ab278e0c9f460bd435386348031a6b5cbdf450ae5a243331dcb2cc7eace8371cf71ec35a6f663147bd211ea357614e6a611eeacca6486a778d4cd788106ade12d6625574e7a89ecab4eb0bb99295c498dd5f565680a2d26bf2545e727c4204023c48d8021b608fd901c6fefd16ce0c3a669fb0ce758dc671f2cdd7434c163f9de9453e5523d94a78205c828a4615e50330d9f52a8a77f7683d2b61ff1324382d40d31001c518b56b286fbb8c754f6940590c2071385ed0a9387b529c06bf71fff89c74634550fc331b389d558696ace05787144e5af53d20a75a84981bf8380ddac3743f407d8ff27c089e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "46f57c3b860b08484cb79066ac1014ad", "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" - } + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - 
"ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": 
"330000033c89c66a7b45bb1fbd00000000033c", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -20660,7 +21116,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -20730,7 +21188,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "shim-0.4-0ubuntu3/shim64-bit.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -20800,7 +21260,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -20872,7 +21334,9 @@ "FileVersion": "", "Filename": "BOOTX64.EFI", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "d55f2dc318b152d9d722021bf8376658", "MachineType": "AMD64", 
@@ -20890,87 +21354,87 @@ "SHA1": "6b4d5fb92240528828725c87f1c2f7de1aa7e7f5", "SHA256": "f8e2a41c0444d7da76fc1682f3eb7e2a90140e1b68b413f4426bac357cbe14bb", "Sections": { - "/4": { - "Entropy": 4.84673389141427, - "Virtual Size": "0x18858" + ".data": { + "Entropy": 4.464961714868577, + "Virtual Size": "0x295e8" }, - ".text": { - "Entropy": 5.639710840411351, - "Virtual Size": "0x94dab" + ".dynamic": { + "Entropy": 0.8257898339361436, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.21037984522559, + "Virtual Size": "0xeda8" + }, + ".rela": { + "Entropy": 2.6505568397234684, + "Virtual Size": "0x1adc0" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.639710840411351, + "Virtual Size": "0x94dab" + }, "/14": { "Entropy": 5.2645431551668285, "Virtual Size": "0xc9" }, - ".data": { - "Entropy": 4.464961714868577, - "Virtual Size": "0x295e8" - }, "/26": { "Entropy": 7.349457523109135, "Virtual Size": "0x35f" }, - ".dynamic": { - "Entropy": 0.8257898339361436, - "Virtual Size": "0xf0" - }, - ".rela": { - "Entropy": 2.6505568397234684, - "Virtual Size": "0x1adc0" - }, - ".dynsym": { - "Entropy": 3.21037984522559, - "Virtual Size": "0xeda8" + "/4": { + "Entropy": 4.84673389141427, + "Virtual Size": "0x18858" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2018-07-03 20:53:01", - "ValidTo": "2019-07-26 20:53:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002b4b79b3694d12118700010000002b", - "Version": 3, + "Signature": 
"54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "8d8a1f204c9c80213bd427fa58b387e2", "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" - } + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Issuer": 
"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -21033,7 +21497,9 @@ "FileVersion": "", "Filename": "grubx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "c3f1acb15ea4dd4002d43c5941d1a64e", "MachineType": "AMD64", @@ -21051,21 +21517,21 @@ "SHA1": "31a862d073e46ffc608cfc93ffc8e18c38dfed8f", "SHA256": "3d23947c39680b9fcf22b092b97c9d38edcc02f7ad13d3a925d1ee0b62797e73", "Sections": { - ".text": { - "Entropy": 5.571601531682557, - "Virtual Size": "0xb000" - }, ".data": { "Entropy": 1.2839449201733235, "Virtual Size": "0xf000" }, - "mods": { - "Entropy": 4.796361582647025, - "Virtual Size": "0x17d000" - }, ".reloc": { "Entropy": 5.904300253815697, "Virtual Size": "0x1000" + }, + ".text": { + "Entropy": 5.571601531682557, + "Virtual Size": "0xb000" + }, + "mods": { + "Entropy": 4.796361582647025, + "Virtual Size": "0x17d000" } }, "Signature": "", @@ -21130,7 +21596,9 @@ "FileVersion": "", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "e2be3deb5a33615e127a7b2930bb544a", "MachineType": "AMD64", 
@@ -21148,83 +21616,83 @@ "SHA1": "608df8090d9d8b9aa3ef02b395415edb65d9be6d", "SHA256": "7b5dfe4f9e4ee68e3cdd9c91bcae26db334d49ae4c1f9525cecd834de48df110", "Sections": { - "/4": { - "Entropy": 4.842008275901556, - "Virtual Size": "0x16238" - }, - ".text": { - "Entropy": 5.5918453515116635, - "Virtual Size": "0x9f72b" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.609462071845652, "Virtual Size": "0x2c678" }, - "/14": { - "Entropy": 0.6143694458867568, - "Virtual Size": "0x12" - }, ".dynamic": { "Entropy": 0.8424565006028102, "Virtual Size": "0xf0" }, + ".dynsym": { + "Entropy": 3.2058008626392853, + "Virtual Size": "0xe520" + }, ".rela": { "Entropy": 2.602685601595089, "Virtual Size": "0x29598" }, - ".dynsym": { - "Entropy": 3.2058008626392853, - "Virtual Size": "0xe520" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.5918453515116635, + "Virtual Size": "0x9f72b" + }, + "/14": { + "Entropy": 0.6143694458867568, + "Virtual Size": "0x12" + }, + "/4": { + "Entropy": 4.842008275901556, + "Virtual Size": "0x16238" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2014-10-01 18:02:10", - "ValidTo": "2016-01-01 18:02:10", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "3300000010a4912943d94ce62e000100000010", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "61509fd4e01160eb7d8007dc182bee5b", "SHA1": 
"febd34ec96d90e498d9b6fa54d7fab80ce1464d3", "SHA256": "7d79e52d96bc7c571299d90c3bc4bff9d08e36eb74b7e8b0cd69114980737953" - } + }, + "ValidFrom": "2014-10-01 18:02:10", + "ValidTo": "2016-01-01 18:02:10", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "3300000010a4912943d94ce62e000100000010", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000010a4912943d94ce62e000100000010", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -21287,7 +21755,9 @@ "FileVersion": "", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "24a7545dc37bc7d366b05c68752af476", "MachineType": "AMD64", 
@@ -21305,87 +21775,87 @@ "SHA1": "63006031749d3e2d445fd952c8da201181b90593", "SHA256": "6b6e59284750fc0e6fac4d6c2a46100e9b0dde54e000b7327edd4a4dced9e9a0", "Sections": { - "/4": { - "Entropy": 4.842286067133961, - "Virtual Size": "0x18848" + ".data": { + "Entropy": 4.543005509538862, + "Virtual Size": "0x2a5d8" }, - ".text": { - "Entropy": 5.636907616740039, - "Virtual Size": "0x9517a" + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2108977484090375, + "Virtual Size": "0xedc0" + }, + ".rela": { + "Entropy": 2.6458352177504407, + "Virtual Size": "0x1ae68" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.636907616740039, + "Virtual Size": "0x9517a" + }, "/14": { "Entropy": 5.199783217663668, "Virtual Size": "0xc5" }, - ".data": { - "Entropy": 4.543005509538862, - "Virtual Size": "0x2a5d8" - }, "/26": { "Entropy": 7.264358037145479, "Virtual Size": "0x482" }, - ".dynamic": { - "Entropy": 0.8341231672694769, - "Virtual Size": "0xf0" - }, - ".rela": { - "Entropy": 2.6458352177504407, - "Virtual Size": "0x1ae68" - }, - ".dynsym": { - "Entropy": 3.2108977484090375, - "Virtual Size": "0xedc0" + "/4": { + "Entropy": 4.842286067133961, + "Virtual Size": "0x18848" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2017-08-11 20:20:00", - "ValidTo": "2018-08-11 20:20:00", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002530b3d3726ee3f72f000100000025", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft 
Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "a5052527524f4998a7bd87f396196fe8", "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" - } + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", 
"SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -21439,7 +21909,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -21511,7 +21983,9 @@ "FileVersion": "", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "077432d8b1ae0ceea719297360357320", "MachineType": "AMD64", 
@@ -21529,87 +22003,87 @@ "SHA1": "d537e7c393d18329197e079601678b9b476247d3", "SHA256": "4e371dd0448f1de869ee087b59ff88d11865463715272bcc6c29b0d5e21dbd82", "Sections": { - "/4": { - "Entropy": 4.8209991495784, - "Virtual Size": "0x1e768" + ".data": { + "Entropy": 4.4112605874652075, + "Virtual Size": "0x2b838" }, - ".text": { - "Entropy": 5.607257358833804, - "Virtual Size": "0x9953f" + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.21155188819022, + "Virtual Size": "0x101b8" + }, + ".rela": { + "Entropy": 2.657629438857694, + "Virtual Size": "0x1c3b0" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.607257358833804, + "Virtual Size": "0x9953f" + }, "/14": { "Entropy": 5.278552013395339, "Virtual Size": "0xce" }, - ".data": { - "Entropy": 4.4112605874652075, - "Virtual Size": "0x2b838" - }, "/26": { "Entropy": 7.18604621467741, "Virtual Size": "0x5bc" }, - ".dynamic": { - "Entropy": 0.8341231672694769, - "Virtual Size": "0xf0" - }, - ".rela": { - "Entropy": 2.657629438857694, - "Virtual Size": "0x1c3b0" - }, - ".dynsym": { - "Entropy": 3.21155188819022, - "Virtual Size": "0x101b8" + "/4": { + "Entropy": 4.8209991495784, + "Virtual Size": "0x1e768" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2017-08-11 20:20:00", - "ValidTo": "2018-08-11 20:20:00", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "3300000024c1fb0e65d9747386000100000024", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "82b02850f57505f0830f6dd30b6aeffd", "SHA1": "e600e0efe4030190c5e0cab9aaad72f4e76db429", "SHA256": "1c1d5edaeb9a5feef85e34eb40607816e98464127723d284f99b69c0c15e42f7" - } + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": 
"bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "3300000024c1fb0e65d9747386000100000024", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000024c1fb0e65d9747386000100000024", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -21670,7 +22144,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -21733,7 +22209,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -21796,7 +22274,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -21866,7 +22346,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -21929,7 +22411,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootx64.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -21999,7 +22483,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -22069,7 +22555,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -22141,7 +22629,9 @@ "FileVersion": "", "Filename": "BOOTX64.EFI", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "c748cde9827385f9832a4f0ab1f02550", "MachineType": "AMD64", 
@@ -22159,87 +22649,87 @@ "SHA1": "6436ae30f3f189f70f9043d91ede90058fbeb00a", "SHA256": "338b89190177e950151a198823fd9d5f4ea25c1faf73e56ca5d9cf69d373fd66", "Sections": { - "/4": { - "Entropy": 4.86401422844892, - "Virtual Size": "0x189f0" + ".data": { + "Entropy": 4.540880693208529, + "Virtual Size": "0x2ba58" }, - ".text": { - "Entropy": 5.645524701763948, - "Virtual Size": "0x9775e" + ".dynamic": { + "Entropy": 0.8226444693437958, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2053343981539277, + "Virtual Size": "0xdd28" + }, + ".rela": { + "Entropy": 2.6542755257736204, + "Virtual Size": "0x1b0d8" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.645524701763948, + "Virtual Size": "0x9775e" + }, "/14": { "Entropy": 4.946577948119573, "Virtual Size": "0x62" }, - ".data": { - "Entropy": 4.540880693208529, - "Virtual Size": "0x2ba58" - }, "/26": { "Entropy": 7.340161985642677, "Virtual Size": "0x3e1" }, - ".dynamic": { - "Entropy": 0.8226444693437958, - "Virtual Size": "0xf0" - }, - ".rela": { - "Entropy": 2.6542755257736204, - "Virtual Size": "0x1b0d8" - }, - ".dynsym": { - "Entropy": 3.2053343981539277, - "Virtual Size": "0xdd28" + "/4": { + "Entropy": 4.86401422844892, + "Virtual Size": "0x189f0" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2018-07-03 20:53:01", - "ValidTo": "2019-07-26 20:53:01", - "Signature": 
"54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002b4b79b3694d12118700010000002b", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "8d8a1f204c9c80213bd427fa58b387e2", "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" - } + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": 
"9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -22302,7 +22792,9 @@ "FileVersion": "", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "22534ca115844f647fd2698572201490", "MachineType": "AMD64", 
@@ -22320,87 +22812,87 @@ "SHA1": "7a21dd6f0289ca16c6f2a46cd37a965721f07518", "SHA256": "24d6b301a1268ba8b373275981538855205eb0115609800f2b5b95377483b108", "Sections": { - "/4": { - "Entropy": 4.834298869664788, - "Virtual Size": "0x1e698" + ".data": { + "Entropy": 4.411757169157883, + "Virtual Size": "0x2bc78" }, - ".text": { - "Entropy": 5.6177167078803505, - "Virtual Size": "0x9aac7" + ".dynamic": { + "Entropy": 0.7873974037224476, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.210413889723783, + "Virtual Size": "0xfff0" + }, + ".rela": { + "Entropy": 2.655298369840716, + "Virtual Size": "0x1c470" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.6177167078803505, + "Virtual Size": "0x9aac7" + }, "/14": { "Entropy": 5.287094102644723, "Virtual Size": "0xa9" }, - ".data": { - "Entropy": 4.411757169157883, - "Virtual Size": "0x2bc78" - }, "/26": { "Entropy": 7.246800061582028, "Virtual Size": "0x42e" }, - ".dynamic": { - "Entropy": 0.7873974037224476, - "Virtual Size": "0xf0" - }, - ".rela": { - "Entropy": 2.655298369840716, - "Virtual Size": "0x1c470" - }, - ".dynsym": { - "Entropy": 3.210413889723783, - "Virtual Size": "0xfff0" + "/4": { + "Entropy": 4.834298869664788, + "Virtual Size": "0x1e698" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2017-08-11 20:20:00", - "ValidTo": "2018-08-11 20:20:00", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002530b3d3726ee3f72f000100000025", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft 
Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "a5052527524f4998a7bd87f396196fe8", "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" - } + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -22454,7 +22946,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -22524,7 +23018,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "rhel-8.3-20200730-shimia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", 
@@ -22587,7 +23083,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -22650,7 +23148,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootx64.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -22722,7 +23222,9 @@ "FileVersion": "", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "87ae10260e4ba99762c952c6b1781476", "MachineType": "AMD64", 
@@ -22740,83 +23242,83 @@ "SHA1": "d8282df774ac784f175e5954d46864fd06c28bc3", "SHA256": "b06dc8f3de1e7e5a53dc7ad0f8028f78a843df54884b4a92bcec21071f0e649b", "Sections": { - "/4": { - "Entropy": 4.8275795242762225, - "Virtual Size": "0x174e0" - }, - ".text": { - "Entropy": 5.64000824439747, - "Virtual Size": "0xaa4f1" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.77616587395717, "Virtual Size": "0x31528" }, - "/14": { - "Entropy": -0.0, - "Virtual Size": "0xa" - }, ".dynamic": { "Entropy": 1.0259041624373757, "Virtual Size": "0x130" }, + ".dynsym": { + "Entropy": 3.210966719000789, + "Virtual Size": "0xf210" + }, ".rela": { "Entropy": 2.6207035651809227, "Virtual Size": "0x2af90" }, - ".dynsym": { - "Entropy": 3.210966719000789, - "Virtual Size": "0xf210" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.64000824439747, + "Virtual Size": "0xaa4f1" + }, + "/14": { + "Entropy": -0.0, + "Virtual Size": "0xa" + }, + "/4": { + "Entropy": 4.8275795242762225, + "Virtual Size": "0x174e0" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2013-09-24 17:54:03", - "ValidTo": "2014-12-24 17:54:03", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000000a6642f3f49fb7379600010000000a", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "c52110f552e27ebb1e3fae114abafb3f", "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", 
"SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" - } + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000000a6642f3f49fb7379600010000000a", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -22877,7 +23379,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -22947,7 +23451,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -23010,7 +23516,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -23080,7 +23588,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "shim64-bit.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -23150,7 +23660,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -23220,7 +23732,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "rhel-8.3-20200917-shim64-bit.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -23290,7 +23804,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -23353,7 +23869,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -23416,7 +23934,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -23479,7 +23999,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -23549,7 +24071,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -23612,7 +24136,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -23677,7 +24203,9 @@ "FileVersion": "6.3.9600.16411 (winblue_gdr.130924-1807)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "f512804db694f319cf51306dd2c2c618", "MachineType": "I386", 
@@ -23695,67 +24223,67 @@ "SHA1": "d1bfb94ce4288f7f4e3f27ef22618991485e06ec", "SHA256": "3f28c4f2fb32c10e5faed1debf7db6ae8c821bf286ffdb57a5b31fce0730e111", "Sections": { - ".text": { - "Entropy": 6.650572748526797, - "Virtual Size": "0x12a4a4" - }, ".data": { "Entropy": 5.268881641959374, "Virtual Size": "0x564f0" }, + ".reloc": { + "Entropy": 5.533455631907051, + "Virtual Size": "0x7f10" + }, ".rsrc": { "Entropy": 3.470826687572494, "Virtual Size": "0xfd10" }, - ".reloc": { - "Entropy": 5.533455631907051, - "Virtual Size": "0x7f10" + ".text": { + "Entropy": 6.650572748526797, + "Virtual Size": "0x12a4a4" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2013-06-17 21:43:38", - "ValidTo": "2014-09-17 21:43:38", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002418fc0b689e7399d0000000000024", - "Version": 3, + "Signature": "78269c4b43268afbc7329a21653fdf5427c51d156bd9b2be4fc3ce06c9fe486ad28fa1a55698acc8617733a5d9b68b3f69ab82d8d60857a0cf330434703b2af43b3058eec891f89515a9acf8c29aebdcabc8671630a1d22fa51720ab95393c388e3fbed2d42eca2bce4f3ac03be5be68ecfe7f44a6d3871782abd7cc3f8c22300536bd24a13934474bc0cfc2f1479991b991f328cb5a80d06c1046a9249b8dd8747b3c87e54946f28c0bdf14c042566264fbf9475859b221d0434603ab5f655551437be8eb21192f143d173b042f139ce553888cf0534f9d2f090c1edbf10def827a274afeeba10c2b4725b0628a2722d5f209be4f9e3d2d8104a896df82072d", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "28b23b39f3bbd936a26a5b86451be0ac", "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" - } + }, + "ValidFrom": 
"2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -23809,7 +24337,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -23872,7 +24402,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -23937,7 +24469,9 @@ "FileVersion": "6.4.9820.0 (fbl_sec(dlinsley).140425-1038)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "8000831e91c318757fa911d4c879dc02", "MachineType": "AMD64", 
@@ -23955,10 +24489,6 @@ "SHA1": "d88ac2154cd473d25c41be40bcca918158badf94", "SHA256": "59e4fa86b1c3bb7df3cdb79a17ec36af9ad12e153172f6d8e662fcfb9dbb37d5", "Sections": { - ".text": { - "Entropy": 6.474040887094493, - "Virtual Size": "0x170eb4" - }, ".data": { "Entropy": 4.306218248343971, "Virtual Size": "0x63050" 
@@ -23967,59 +24497,63 @@ "Entropy": 6.083164356102291, "Virtual Size": "0xa758" }, + ".reloc": { + "Entropy": 5.402300872203148, + "Virtual Size": "0x988" + }, ".rsrc": { "Entropy": 3.4701486563458728, "Virtual Size": "0xfce0" }, - ".reloc": { - "Entropy": 5.402300872203148, - "Virtual Size": "0x988" + ".text": { + "Entropy": 6.474040887094493, + "Virtual Size": "0x170eb4" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2014-07-01 20:32:01", - "ValidTo": "2015-10-01 20:32:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "9da610547a25cbe89af7ecdb99229623", "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" - } + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows 
Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -24075,7 +24609,9 @@ "FileVersion": "6.3.9600.20300 (winblue_ltsb_escrow.220215-0706)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "d6604f3caaa504ff3aedbade7d87fb97", "MachineType": "I386", 
@@ -24093,67 +24629,67 @@ "SHA1": "a8dc3e14fb4ad8d264fdaba4ccbc89d64ee4791d", "SHA256": "f025a519dccf1df41951c22c6dc5cafa61e21b117e174b4983b45ccc22c6375f", "Sections": { - ".text": { - "Entropy": 6.632565264872485, - "Virtual Size": "0x132694" - }, ".data": { "Entropy": 6.174017317899591, "Virtual Size": "0x5c8b0" }, + ".reloc": { + "Entropy": 6.755773988883993, + "Virtual Size": "0x5e94" + }, ".rsrc": { "Entropy": 3.4723546570842396, "Virtual Size": "0xfd40" }, - ".reloc": { - "Entropy": 6.755773988883993, - "Virtual Size": "0x5e94" + ".text": { + "Entropy": 6.632565264872485, + "Virtual Size": "0x132694" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2021-09-02 18:23:41", - "ValidTo": "2022-09-01 18:23:41", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "46f57c3b860b08484cb79066ac1014ad", "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" - } + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": 
"61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -24209,7 +24745,9 @@ "FileVersion": "", "Filename": "shdloader.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "1c9670b5add3e4d6aa442a53427f422a", "MachineType": "AMD64", @@ -24227,18 +24765,6 @@ "SHA1": "11ddf040e749c8362e91c58fd17cb9c7aea4be91", "SHA256": "c3d65e174d47d3772cb431ea599bba76b8670bfaa51081895796432e2ef6461f", "Sections": { - "/4": { - "Entropy": 4.513510764209654, - "Virtual Size": "0x18f0" - }, - ".text": { - "Entropy": 5.9651561169269165, - "Virtual Size": "0x7962" - }, - ".reloc": { - "Entropy": 1.3567796494470397, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.005064003834089, "Virtual Size": "0x2098" 
@@ -24247,59 +24773,71 @@ "Entropy": 0.903083847405932, "Virtual Size": "0x130" }, + ".dynsym": { + "Entropy": 2.618034288058892, + "Virtual Size": "0x1668" + }, ".rela": { "Entropy": 1.8366456660065942, "Virtual Size": "0xfc0" }, - ".dynsym": { - "Entropy": 2.618034288058892, - "Virtual Size": "0x1668" + ".reloc": { + "Entropy": 1.3567796494470397, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.9651561169269165, + "Virtual Size": "0x7962" + }, + "/4": { + "Entropy": 4.513510764209654, + "Virtual Size": "0x18f0" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2012-07-02 22:25:14", - "ValidTo": "2013-10-02 22:25:14", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "33000000081eb17e9c15fc837a000100000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "c5e24205d04c09c94d81b6935af7ec09", "SHA1": "12622dccb5b07edfd65cae6fc018e24b80ff2c82", "SHA256": "d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507" - } + }, + "ValidFrom": "2012-07-02 22:25:14", + "ValidTo": "2013-10-02 22:25:14", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + 
"Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "33000000081eb17e9c15fc837a000100000008", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -24353,7 +24891,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -24423,7 +24963,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -24486,7 +25028,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -24551,7 +25095,9 @@ "FileVersion": "6.3.9600.18233 (winblue_ltsb.160210-0600)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "1ee7ccaae6df60e3e850ae6c4a3b7478", "MachineType": "I386", 
@@ -24569,67 +25115,67 @@ "SHA1": "810d7ecef2570772d2b70facfec1a6028e4bd611", "SHA256": "566ae5fb2f355b2c03ecbbab4770e92856b0d1c3d659fe0c11263f1a5f8d7086", "Sections": { - ".text": { - "Entropy": 6.632717954879298, - "Virtual Size": "0x12fe54" - }, ".data": { "Entropy": 5.28434417329483, "Virtual Size": "0x5b4f0" }, + ".reloc": { + "Entropy": 6.762930538535226, + "Virtual Size": "0x5d10" + }, ".rsrc": { "Entropy": 3.471459084643445, "Virtual Size": "0xfd10" }, - ".reloc": { - "Entropy": 6.762930538535226, - "Virtual Size": "0x5d10" + ".text": { + "Entropy": 6.632717954879298, + "Virtual Size": "0x12fe54" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2015-08-18 17:15:28", - "ValidTo": "2016-11-18 17:15:28", - "Signature": "60743a2c8b9d1d20759fd327472b3fb9c434cf9df5a4501199cafd1d0f6806659be78f5346fcdedead6c2615214f653b0306302508cc80e386fb54dc8d0b8c63131e54f259c4f8792335187e2d4f649a82490807f129590c1a5c76d8c56a12e51f4c9bb20f35bb27b3ddc0dfbd849e506ed390bef27d160c5fa33291231b73cffddf7bcc42948b509b88242d401ab88f4283997bb6707c2fd2facf67e2639b5b02da8975568de56dc96eee8061c69bc552d61a0fa49ea527563681fb35f68dde6eee372b99f69761de0eac9b72b1510f80e66f6560bf1d0669dcbdd915ffe13454502833fe26932c018ad8399ad2840a93b0c222b7900151dc9ddb4475e1d7b7", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", "SHA1": "833498af9a41da339c83e0d384b521f72d053331", "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" - } + }, + "ValidFrom": 
"2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", 
"Signer": [ { - "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -24683,7 +25229,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -24746,7 +25294,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -24811,7 +25361,9 @@ "FileVersion": "", "Filename": "bootia32.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "ece26d0686590a1ae0f950a412ed1a10", "MachineType": "I386", 
@@ -24829,59 +25381,59 @@ "SHA1": "15634f8fd748f28e29e4b77ce899a6d561576240", "SHA256": "52febd655c84f4557de0ca35a236d468c03fa3bd0f51f54c31b37db29673da3f", "Sections": { - ".text": { - "Entropy": 5.757847859456988, - "Virtual Size": "0x232a0" - }, ".reloc": { "Entropy": 6.810300778659803, "Virtual Size": "0x18f0" + }, + ".text": { + "Entropy": 5.757847859456988, + "Virtual Size": "0x232a0" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2016-11-17 22:05:37", - "ValidTo": "2018-02-17 22:05:37", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000001e0d8474951a966ce400010000001e", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "b6f099bf203668f11a8f79ab08792ed8", "SHA1": "4713755a345940554eada6042e90b0151591fad6", "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" - } + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": 
"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000001e0d8474951a966ce400010000001e", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -24935,7 +25487,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -24998,7 +25552,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -25068,7 +25624,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "shim-0~20120906.bcd0a4e8-0ubuntu4/shim64-bit.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -25131,7 +25689,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -25194,7 +25754,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -25264,7 +25826,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -25334,7 +25898,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "cent-8.3-20200730-shim64-bit.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -25397,7 +25963,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -25467,7 +26035,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -25532,7 +26102,9 @@ "FileVersion": "6.3.9600.18639 (winblue_ltsb.170325-0600)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "958ceee3668f4eff01fb29d03518b49e", "MachineType": "AMD64", @@ -25550,10 +26122,6 @@ "SHA1": "0213406b236ee5c1f1e4fbf0101d24cc10ab7e24", "SHA256": "fe26e6c2bc5ac4357e6657624180ca1e946d6dabe79cdb098d7b8b4e440851aa", "Sections": { - ".text": { - "Entropy": 6.4910310466732115, - "Virtual Size": "0x16acf4" - }, ".data": { "Entropy": 5.389366981443705, "Virtual Size": "0x6c590" 
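Review bot: In the `bootmgfw.efi` record with MD5 `958ceee3668f4eff01fb29d03518b49e`, `"Imports": [],` becomes `"Imports": [ "" ],`. A record with no imports now carries a one-element list holding an empty string, so a consumer of this feed that tests the list for emptiness or iterates it sees a bogus blank import name. The same change appears in the other hunks that started from `[]` (for example the `BOOTIA32.EFI` and `BOOTx64.EFI` records), and the records that had `"Imports": ""` also end up as `[ "" ]`. The new output should be `"Imports": []` when nothing was parsed. The fix belongs in whatever writes this file, which is not visible here; it presumably wraps or splits an empty string, so it should drop empty entries before serialising.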
@@ -25562,59 +26130,63 @@ "Entropy": 6.102700785324201, "Virtual Size": "0xa554" }, + ".reloc": { + "Entropy": 5.400761827022373, + "Virtual Size": "0x968" + }, ".rsrc": { "Entropy": 3.472082202305419, "Virtual Size": "0xfd30" }, - ".reloc": { - "Entropy": 5.400761827022373, - "Virtual Size": "0x968" + ".text": { + "Entropy": 6.4910310466732115, + "Virtual Size": "0x16acf4" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2016-10-11 20:39:31", - "ValidTo": "2018-01-11 20:39:31", - "Signature": "bd80b589ac202a8c57028b505da374963d49e555f4d7fba7ec9c9b645e2c3cc1b869ca054fce40a3953a4cae404cf07bc8f52e9408afa7cf74f03c131aa37e26eea21fe524bc06fe6bf59c1d510cc505cae5e385344eb27a4500ac119b30d5a54c5ae9c249665539cbf51fb8680a5311ee884d3d4a2c38a8e6e170f7c9f94aa821f889f4ef7733ca24c6ecc56105ec5b39f8609dc897a2e7deca1c32d696208e8b92a92419b386e3714c104f01a54b619de5afb79db9618e7f90852b33228d4ae67d6e74b3c55ad9f6f41b86952aed4d73efe4e09f36d2ce97679ce82ca30d073a1dc401342b1b255abaa86b506d8344fa287e2a1214e2d3b98dfdb9c6d85fda", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "33000001066ec325c431c9180e000000000106", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "dde4566ad877cdd7257537c5a15caff8", "SHA1": "61ccf092df4eb7534ffc8df983b362e10eb895c2", "SHA256": "0ae3a29cfb54cd16c853b2246cc428219bb87f7e4ea299b0374b2ac43f2a61d8" - } + }, + "ValidFrom": "2016-10-11 20:39:31", + "ValidTo": "2018-01-11 20:39:31", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - 
"ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "33000001066ec325c431c9180e000000000106", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000001066ec325c431c9180e000000000106", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -25675,7 +26247,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -25738,7 +26312,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -25801,7 +26377,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -25873,7 +26451,9 @@ "FileVersion": "", "Filename": "BOOTIA32.EFI", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "77fefa9f6ac9273ee5edb4d19e87d348", "MachineType": "I386", 
@@ -25891,83 +26471,83 @@ "SHA1": "e609f8ddc446dc27a2aec3577e2b7869126662c0", "SHA256": "03c8c9956938147bcc81a19e580ca8b5214e82829ec0494c22b0f59013ca22b2", "Sections": { - ".text": { - "Entropy": 5.773526636331647, - "Virtual Size": "0x92ba3" - }, - ".reloc": { - "Entropy": 1.5709505944546687, - "Virtual Size": "0xa" - }, - "/4": { - "Entropy": 5.070551147779766, - "Virtual Size": "0x7e" - }, ".data": { "Entropy": 5.335958404758759, "Virtual Size": "0x216dc" }, - "/16": { - "Entropy": 7.338341139988703, - "Virtual Size": "0x3e2" - }, ".dynamic": { "Entropy": 1.4043380507095067, "Virtual Size": "0x78" }, + ".dynsym": { + "Entropy": 4.3951515278569575, + "Virtual Size": "0x9380" + }, ".rel": { "Entropy": 3.5471242189199925, "Virtual Size": "0x9718" }, - ".dynsym": { - "Entropy": 4.3951515278569575, - "Virtual Size": "0x9380" + ".reloc": { + "Entropy": 1.5709505944546687, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.773526636331647, + "Virtual Size": "0x92ba3" + }, + "/16": { + "Entropy": 7.338341139988703, + "Virtual Size": "0x3e2" + }, + "/4": { + "Entropy": 5.070551147779766, + "Virtual Size": "0x7e" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2017-08-11 20:20:00", - "ValidTo": "2018-08-11 20:20:00", - "Signature": "6650dd7878bef0a62b1d76ba8fa57b6193d9938ddd1975f32a880d6e9363ba516b00907d455d1089cf79e3045a976a794db027534a761a840a29d09dccb3b5978fdb1d27d6be2831b0af31b64c25d3e195056b68a403e961d61c38339c4bfbb4c16102a4b417f52b75f4d6539626736df3e9e7d689e59333e7686df72c6ac70548eb3e6f0913de69895041529dba440132da3699ee3d3ccd6c0cb1ca11d206a157a9e3504c57aea164e700dec89ccb81194b012f697127dcd1cc7dc08ccf9f92014b2a0814fdc2a010b7a7243456e15af7e812bef07b28aebcb29f0f20f5c1900827f32aaf4fef92601853403e718db111c7c35da77eea96c4deb6f903e94543", - "SignatureAlgorithmOID": 
"1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002530b3d3726ee3f72f000100000025", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "a5052527524f4998a7bd87f396196fe8", "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" - } + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } 
@@ -26028,7 +26608,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -26091,7 +26673,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -26161,7 +26745,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "rhel-8.3-shim-20200726-shim64-bit.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -26226,7 +26812,9 @@ "FileVersion": "6.3.9600.20366 (winblue_ltsb_escrow.220411-1722)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "c6697cdbcf51cc54053438e644243327", "MachineType": "I386", 
@@ -26244,67 +26832,67 @@ "SHA1": "056c3b1ab4f9b248ffc5285f299a2653839357f2", "SHA256": "1eadf7bf5fde916884a4beb82dd68ba50be05413f00aae8571190a2eaa462640", "Sections": { - ".text": { - "Entropy": 6.63395324582708, - "Virtual Size": "0x1326f4" - }, ".data": { "Entropy": 6.175578570095665, "Virtual Size": "0x5c8b0" }, + ".reloc": { + "Entropy": 6.751781167901335, + "Virtual Size": "0x5ea4" + }, ".rsrc": { "Entropy": 3.4725471322840162, "Virtual Size": "0xfd40" }, - ".reloc": { - "Entropy": 6.751781167901335, - "Virtual Size": "0x5ea4" + ".text": { + "Entropy": 6.63395324582708, + "Virtual Size": "0x1326f4" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2021-09-02 18:23:41", - "ValidTo": "2022-09-01 18:23:41", - "Signature": "699045742c403812de1bdf9ea2be22132e82a7c006ab278e0c9f460bd435386348031a6b5cbdf450ae5a243331dcb2cc7eace8371cf71ec35a6f663147bd211ea357614e6a611eeacca6486a778d4cd788106ade12d6625574e7a89ecab4eb0bb99295c498dd5f565680a2d26bf2545e727c4204023c48d8021b608fd901c6fefd16ce0c3a669fb0ce758dc671f2cdd7434c163f9de9453e5523d94a78205c828a4615e50330d9f52a8a77f7683d2b61ff1324382d40d31001c518b56b286fbb8c754f6940590c2071385ed0a9387b529c06bf71fff89c74634550fc331b389d558696ace05787144e5af53d20a75a84981bf8380ddac3743f407d8ff27c089e", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "46f57c3b860b08484cb79066ac1014ad", "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" - } + }, + "ValidFrom": 
"2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -26365,7 +26953,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -26428,7 +27018,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -26491,7 +27083,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootaa64.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit ARM", 
@@ -26554,7 +27148,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -26619,7 +27215,9 @@ "FileVersion": "6.3.9600.20476 (winblue_ltsb_escrow.220627-1731)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "6c1910730f135cbd5a78e3a48520e647", "MachineType": "AMD64", @@ -26637,10 +27235,6 @@ "SHA1": "1d5beb0bd494d324fa663da050cc61e8f7f2ce92", "SHA256": "77e2945b3a2b0d14e9943f90ddd7bb87dde9cc5d8be09f9693e9f4166769363d", "Sections": { - ".text": { - "Entropy": 6.493411591352979, - "Virtual Size": "0x16dcf4" - }, ".data": { "Entropy": 5.413862912163844, "Virtual Size": "0x6c830" 
@@ -26649,59 +27243,63 @@ "Entropy": 6.079086771447321, "Virtual Size": "0xa734" }, + ".reloc": { + "Entropy": 5.410822163532266, + "Virtual Size": "0x998" + }, ".rsrc": { "Entropy": 3.4723930407949566, "Virtual Size": "0xfd40" }, - ".reloc": { - "Entropy": 5.410822163532266, - "Virtual Size": "0x998" + ".text": { + "Entropy": 6.493411591352979, + "Virtual Size": "0x16dcf4" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2021-09-02 18:23:41", - "ValidTo": "2022-09-01 18:23:41", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", - "Version": 3, + "Signature": "699045742c403812de1bdf9ea2be22132e82a7c006ab278e0c9f460bd435386348031a6b5cbdf450ae5a243331dcb2cc7eace8371cf71ec35a6f663147bd211ea357614e6a611eeacca6486a778d4cd788106ade12d6625574e7a89ecab4eb0bb99295c498dd5f565680a2d26bf2545e727c4204023c48d8021b608fd901c6fefd16ce0c3a669fb0ce758dc671f2cdd7434c163f9de9453e5523d94a78205c828a4615e50330d9f52a8a77f7683d2b61ff1324382d40d31001c518b56b286fbb8c754f6940590c2071385ed0a9387b529c06bf71fff89c74634550fc331b389d558696ace05787144e5af53d20a75a84981bf8380ddac3743f407d8ff27c089e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "46f57c3b860b08484cb79066ac1014ad", "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" - } + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - 
"ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -26755,7 +27353,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -26818,7 +27418,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -26888,7 +27490,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -26951,7 +27555,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", 
@@ -27021,7 +27627,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -27084,7 +27692,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -27147,7 +27757,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -27217,7 +27829,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -27280,7 +27894,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -27343,7 +27959,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -27406,7 +28024,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootx64.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -27478,7 +28098,9 @@ "FileVersion": "", "Filename": "BOOTx64.EFI", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "0887bbb1fff22018d425b56dfb642db7", "MachineType": "AMD64", 
@@ -27496,79 +28118,79 @@ "SHA1": "db9c3757f8f341bd6be92611fbbfb3ca8bc80d6f", "SHA256": "e352109145416e3b61dcf5e09492d24410828121e7d74c08ce0d3157b45a0831", "Sections": { - ".text": { - "Entropy": 5.634144687504991, - "Virtual Size": "0xab58b" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.800117402438687, "Virtual Size": "0x31eb8" }, - "/4": { - "Entropy": 0.6143694458867568, - "Virtual Size": "0x12" - }, ".dynamic": { "Entropy": 1.177741779247768, "Virtual Size": "0x140" }, + ".dynsym": { + "Entropy": 3.2171085714056926, + "Virtual Size": "0xf570" + }, ".rela": { "Entropy": 2.6309115175747873, "Virtual Size": "0x29d78" }, - ".dynsym": { - "Entropy": 3.2171085714056926, - "Virtual Size": "0xf570" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.634144687504991, + "Virtual Size": "0xab58b" + }, + "/4": { + "Entropy": 0.6143694458867568, + "Virtual Size": "0x12" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2013-09-24 17:54:03", - "ValidTo": "2014-12-24 17:54:03", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000000a6642f3f49fb7379600010000000a", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "c52110f552e27ebb1e3fae114abafb3f", "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" - } + }, + "ValidFrom": "2013-09-24 17:54:03", 
+ "ValidTo": "2014-12-24 17:54:03", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000000a6642f3f49fb7379600010000000a", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -27629,7 +28251,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "shim64-bit.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -27699,7 +28323,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -27769,7 +28395,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "cent-7.9-20200730-shimia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", 
@@ -27832,7 +28460,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -27895,7 +28525,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -27958,7 +28590,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -28028,7 +28662,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "BOOTX64.EFI", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -28091,7 +28727,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -28163,7 +28801,9 @@ "FileVersion": "", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "c2d60556e72219f9d4dd063a6843aa37", "MachineType": "AMD64", 
@@ -28181,83 +28821,83 @@ "SHA1": "83720b7f32ce09df641395f39a86bc48b3e8a9b8", "SHA256": "d809eddc88a14239e8a069fa71f81f3e4af4dc293f7575d71d597c80f8767816", "Sections": { - "/4": { - "Entropy": 4.836197087741231, - "Virtual Size": "0x161d8" - }, - ".text": { - "Entropy": 5.588107260830429, - "Virtual Size": "0x9f2be" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.597286314345456, "Virtual Size": "0x2cab8" }, - "/14": { - "Entropy": 0.6143694458867568, - "Virtual Size": "0x12" - }, ".dynamic": { "Entropy": 0.8341231672694769, "Virtual Size": "0xf0" }, + ".dynsym": { + "Entropy": 3.2071015337175828, + "Virtual Size": "0xe520" + }, ".rela": { "Entropy": 2.6053915011200695, "Virtual Size": "0x2aa50" }, - ".dynsym": { - "Entropy": 3.2071015337175828, - "Virtual Size": "0xe520" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.588107260830429, + "Virtual Size": "0x9f2be" + }, + "/14": { + "Entropy": 0.6143694458867568, + "Virtual Size": "0x12" + }, + "/4": { + "Entropy": 4.836197087741231, + "Virtual Size": "0x161d8" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2013-09-24 17:54:03", - "ValidTo": "2014-12-24 17:54:03", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000000a6642f3f49fb7379600010000000a", - "Version": 3, + "Signature": 
"2a27d6bd2f34c68a9989ec856449fe4934ad5c0615ec5819664399053737a86be46c914b9478ce393534b759eec5eb6f015b706b853f1d2be51fe9807b178eaa9e0f9558d6a5d913c58c7492cbad106abb7395426801a42f363842e60bf72d046668865db5d8ce2c901c9673044d05abb74c171ac198c0f9376bb9185ec7523bb53e6d2c114642ffbfbe20efc6c2571c2006159cb70ff2c428e997f6ce83bf57ad9a47c47decce9830cf861a156471c62600a0260b44e29ea8e6e33c407c046f37be4a46dcaf38c018b24f969beb716d8e76cebc3d1d19134ed6f216cc2e357848b4998196ebd7326bca3e3ade1ba88e98612a569a46a1f45856f4e2dfa02a5d", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "c52110f552e27ebb1e3fae114abafb3f", "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" - } + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000000a6642f3f49fb7379600010000000a", 
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -28318,7 +28958,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "shim-0.9+1465500757.14a5905-0ubuntu1/shim64-bit.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -28388,7 +29030,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -28460,7 +29104,9 @@ "FileVersion": "", "Filename": "shim-0.9+1474479173.6c180c6-1ubuntu1/shim64-bit.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "9671f8d6de959b9d084f2a67f6dfadf3", "MachineType": "AMD64", 
@@ -28478,37 +29124,37 @@ "SHA1": "f7df1f4af46adceea20652bc796d86b47d9eeb6c", "SHA256": "3c430c719c9053a74d74dcc5e52b40d10f109db1dc9458a05a7a413b86a93467", "Sections": { - "/4": { - "Entropy": 4.843946446868365, - "Virtual Size": "0x18118" - }, - ".text": { - "Entropy": 5.624855658077438, - "Virtual Size": "0x91898" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.421216580279309, "Virtual Size": "0x28848" }, - "/14": { - "Entropy": 7.322772708526002, - "Virtual Size": "0x449" - }, ".dynamic": { "Entropy": 0.8630797231656377, "Virtual Size": "0x100" }, + ".dynsym": { + "Entropy": 3.2051544492157, + "Virtual Size": "0xea78" + }, ".rela": { "Entropy": 2.646133679930085, "Virtual Size": "0x1ae50" }, - ".dynsym": { - "Entropy": 3.2051544492157, - "Virtual Size": "0xea78" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.624855658077438, + "Virtual Size": "0x91898" + }, + "/14": { + "Entropy": 7.322772708526002, + "Virtual Size": "0x449" + }, + "/4": { + "Entropy": 4.843946446868365, + "Virtual Size": "0x18118" } }, "Signature": "", @@ -28564,7 +29210,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -28634,7 +29282,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -28706,7 +29356,9 @@ "FileVersion": "", "Filename": "bootia32.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "eaaa74b1ac8f59f8610a8e898de54cf6", "MachineType": "I386", 
@@ -28724,83 +29376,83 @@ "SHA1": "82d315d856cf1a43ff8d22192638c8f416be591f", "SHA256": "aa6f27b8b2ca5826f497362042c003b5e1d7ca22383d82730fbc5c45e048d839", "Sections": { - ".text": { - "Entropy": 5.841766513831158, - "Virtual Size": "0x93147" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, - "/4": { - "Entropy": 4.946577948119573, - "Virtual Size": "0x62" - }, ".data": { "Entropy": 5.369085585418017, "Virtual Size": "0x21a7c" }, - "/16": { - "Entropy": 7.20273225550972, - "Virtual Size": "0xb79" - }, ".dynamic": { "Entropy": 1.38767138404284, "Virtual Size": "0x78" }, + ".dynsym": { + "Entropy": 4.388630978541453, + "Virtual Size": "0x9360" + }, ".rel": { "Entropy": 3.537809435563718, "Virtual Size": "0x9048" }, - ".dynsym": { - "Entropy": 4.388630978541453, - "Virtual Size": "0x9360" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.841766513831158, + "Virtual Size": "0x93147" + }, + "/16": { + "Entropy": 7.20273225550972, + "Virtual Size": "0xb79" + }, + "/4": { + "Entropy": 4.946577948119573, + "Virtual Size": "0x62" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2018-07-03 20:53:01", - "ValidTo": "2019-07-26 20:53:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002b4b79b3694d12118700010000002b", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "8d8a1f204c9c80213bd427fa58b387e2", "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", 
"SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" - } + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -28854,7 +29506,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -28917,7 +29571,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -28987,7 +29643,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "centos-8.3-shim-20200726-shimia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -29052,7 +29710,9 @@ "FileVersion": "6.3.9600.18067 (winblue_ltsb.150929-0600)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "c1feed742caf34c142f70956e0c1259b", "MachineType": "I386", 
@@ -29070,67 +29730,67 @@ "SHA1": "0e2909e38cccf18e7e44be9c12d9a4856a38b512", "SHA256": "e35cc798f138406bdc5e793574f62fe3be4c7dd6424aa6825e6ec7b2a345b591", "Sections": { - ".text": { - "Entropy": 6.631975040652875, - "Virtual Size": "0x12f284" - }, ".data": { "Entropy": 5.285987336724433, "Virtual Size": "0x5b4f0" }, + ".reloc": { + "Entropy": 6.762931731511957, + "Virtual Size": "0x5d00" + }, ".rsrc": { "Entropy": 3.4716181867603395, "Virtual Size": "0xfd10" }, - ".reloc": { - "Entropy": 6.762931731511957, - "Virtual Size": "0x5d00" + ".text": { + "Entropy": 6.631975040652875, + "Virtual Size": "0x12f284" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2015-08-18 17:15:28", - "ValidTo": "2016-11-18 17:15:28", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", "SHA1": "833498af9a41da339c83e0d384b521f72d053331", "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" - } + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": 
"61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -29184,7 +29844,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -29247,7 +29909,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -29310,7 +29974,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -29373,7 +30039,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -29436,7 +30104,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", 
@@ -29508,7 +30178,9 @@ "FileVersion": "", "Filename": "BOOTX64.EFI", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "aa8eae148f6ac90c370eb50c88b974e1", "MachineType": "AMD64", 
@@ -29526,83 +30198,83 @@ "SHA1": "2f8b409981580582bfe5fd5e36f8d3e23c061966", "SHA256": "a120f42de7b5bfcb55c40afc857b6baf4d1ac60725500c27a5b2942bda970ccf", "Sections": { - "/4": { - "Entropy": 4.852532962586707, - "Virtual Size": "0x17c88" - }, - ".text": { - "Entropy": 5.632428417166211, - "Virtual Size": "0xab73e" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.788657848345654, "Virtual Size": "0x32638" }, - "/14": { - "Entropy": 7.133596117970691, - "Virtual Size": "0x4ac" - }, ".dynamic": { "Entropy": 1.0193252150689545, "Virtual Size": "0x130" }, + ".dynsym": { + "Entropy": 3.212411046351249, + "Virtual Size": "0xf540" + }, ".rela": { "Entropy": 2.6197000559147496, "Virtual Size": "0x2b440" }, - ".dynsym": { - "Entropy": 3.212411046351249, - "Virtual Size": "0xf540" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.632428417166211, + "Virtual Size": "0xab73e" + }, + "/14": { + "Entropy": 7.133596117970691, + "Virtual Size": "0x4ac" + }, + "/4": { + "Entropy": 4.852532962586707, + "Virtual Size": "0x17c88" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2013-09-24 17:54:03", - "ValidTo": "2014-12-24 17:54:03", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000000a6642f3f49fb7379600010000000a", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "c52110f552e27ebb1e3fae114abafb3f", "SHA1": 
"4954e087123653ce38da4cdd31141b6a1bb999e4", "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" - } + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000000a6642f3f49fb7379600010000000a", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -29665,7 +30337,9 @@ "FileVersion": "", "Filename": "BOOTX64.EFI", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "3f5b9c90792efc13debd32233440ad32", "MachineType": "AMD64", 
@@ -29683,87 +30357,87 @@ "SHA1": "23b7889abdb236c8cd871733ba2ea7f91d543b99", "SHA256": "537b428a0ad622765010c4405c1603ff464fcbb24ae4c2fbf559a10b8ea4593d", "Sections": { - "/4": { - "Entropy": 4.853673837012988, - "Virtual Size": "0x18c48" + ".data": { + "Entropy": 4.461532819567069, + "Virtual Size": "0x2a3b8" }, - ".text": { - "Entropy": 5.6393589178613786, - "Virtual Size": "0x96b83" + ".dynamic": { + "Entropy": 0.809123167269477, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.207599033482772, + "Virtual Size": "0xdd40" + }, + ".rela": { + "Entropy": 2.6503742316211305, + "Virtual Size": "0x1b0d8" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.6393589178613786, + "Virtual Size": "0x96b83" + }, "/14": { "Entropy": 5.124924534645108, "Virtual Size": "0x84" }, - ".data": { - "Entropy": 4.461532819567069, - "Virtual Size": "0x2a3b8" - }, "/26": { "Entropy": 7.338341139988703, "Virtual Size": "0x3e2" }, - ".dynamic": { - "Entropy": 0.809123167269477, - "Virtual Size": "0xf0" - }, - ".rela": { - "Entropy": 2.6503742316211305, - "Virtual Size": "0x1b0d8" - }, - ".dynsym": { - "Entropy": 3.207599033482772, - "Virtual Size": "0xdd40" + "/4": { + "Entropy": 4.853673837012988, + "Virtual Size": "0x18c48" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2018-07-03 20:53:01", - "ValidTo": "2019-07-26 20:53:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002b4b79b3694d12118700010000002b", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft 
Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "8d8a1f204c9c80213bd427fa58b387e2", "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" - } + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", 
"SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -29817,7 +30491,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -29889,7 +30565,9 @@ "FileVersion": "", "Filename": "Signed_14173467011297444/shimia32.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "c77a847cc9c46de840d61ec8e3453f29", "MachineType": "I386", 
@@ -29907,83 +30585,83 @@ "SHA1": "cba6f1df00f5220288d92686d84ae7e10c950c32", "SHA256": "a80b37c9749d6f2c2fdf64922a3142eb0fd63c72fd2989d7e75dcb4be367299a", "Sections": { - ".text": { - "Entropy": 5.854758369929387, - "Virtual Size": "0xa0537" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, - "/4": { - "Entropy": 5.064013199597692, - "Virtual Size": "0x69" - }, ".data": { "Entropy": 5.281293400299073, "Virtual Size": "0x23764" }, - "/16": { - "Entropy": 7.435250663075391, - "Virtual Size": "0x57a" - }, ".dynamic": { "Entropy": 1.4765954737895086, "Virtual Size": "0x80" }, + ".dynsym": { + "Entropy": 4.417215138757397, + "Virtual Size": "0xa1e0" + }, ".rel": { "Entropy": 3.5626097123135003, "Virtual Size": "0x9798" }, - ".dynsym": { - "Entropy": 4.417215138757397, - "Virtual Size": "0xa1e0" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.854758369929387, + "Virtual Size": "0xa0537" + }, + "/16": { + "Entropy": 7.435250663075391, + "Virtual Size": "0x57a" + }, + "/4": { + "Entropy": 5.064013199597692, + "Virtual Size": "0x69" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2018-07-03 20:53:01", - "ValidTo": "2019-07-26 20:53:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002b4b79b3694d12118700010000002b", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "8d8a1f204c9c80213bd427fa58b387e2", "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", 
"SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" - } + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 
21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -30044,7 +30722,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -30107,7 +30787,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -30170,7 +30852,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -30233,7 +30917,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -30296,7 +30982,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -30359,7 +31047,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -30431,7 +31121,9 @@ "FileVersion": "", "Filename": "BOOTX64.EFI", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "e297beb49756fef9d2bcad4b860426b3", "MachineType": "AMD64", 
@@ -30449,87 +31141,87 @@ "SHA1": "1c1007b55a1e5c1ca49b0b6673fd83b0ae9a9dc3", "SHA256": "62c6affbee1ba9a0435562db6e092a5018effeed0bd0f1d0494f34ce6cd403e9", "Sections": { - "/4": { - "Entropy": 4.8520727981082565, - "Virtual Size": "0x18c28" + ".data": { + "Entropy": 4.4625470240437215, + "Virtual Size": "0x2a358" }, - ".text": { - "Entropy": 5.640692113472777, - "Virtual Size": "0x96d03" + ".dynamic": { + "Entropy": 0.809123167269477, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.202575116995807, + "Virtual Size": "0xdd88" + }, + ".rela": { + "Entropy": 2.6480533598999405, + "Virtual Size": "0x1b0a8" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.640692113472777, + "Virtual Size": "0x96d03" + }, "/14": { "Entropy": 5.18628715184291, "Virtual Size": "0x84" }, - ".data": { - "Entropy": 4.4625470240437215, - "Virtual Size": "0x2a358" - }, "/26": { "Entropy": 7.339046392262435, "Virtual Size": "0x9c7" }, - ".dynamic": { - "Entropy": 0.809123167269477, - "Virtual Size": "0xf0" - }, - ".rela": { - "Entropy": 2.6480533598999405, - "Virtual Size": "0x1b0a8" - }, - ".dynsym": { - "Entropy": 3.202575116995807, - "Virtual Size": "0xdd88" + "/4": { + "Entropy": 4.8520727981082565, + "Virtual Size": "0x18c28" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2018-07-03 20:53:01", - "ValidTo": "2019-07-26 20:53:01", - "Signature": 
"54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002b4b79b3694d12118700010000002b", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "8d8a1f204c9c80213bd427fa58b387e2", "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" - } + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": 
"9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -30590,7 +31282,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -30660,7 +31354,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -30730,7 +31426,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -30800,7 +31498,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -30870,7 +31570,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -30940,7 +31642,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "centos-8.3-shim-20200726-shim64-bit.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -31005,7 +31709,9 @@ "FileVersion": "6.3.9600.20300 (winblue_ltsb_escrow.220215-0706)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "f3c14ba5c3670afacd47f0574922b98f", "MachineType": "AMD64", 
@@ -31023,10 +31729,6 @@ "SHA1": "a4ede25f03e0ce65fa4a840c454c73019275d8de", "SHA256": "5052ce3b96db73a909bf0e54355e357f8ab7284fa48f9b21c85efedbb886c100", "Sections": { - ".text": { - "Entropy": 6.4945526926976, - "Virtual Size": "0x16d9e4" - }, ".data": { "Entropy": 5.416517617217657, "Virtual Size": "0x6c7f0" 
@@ -31035,59 +31737,63 @@ "Entropy": 6.080928684654755, "Virtual Size": "0xa710" }, + ".reloc": { + "Entropy": 5.402081860527767, + "Virtual Size": "0x994" + }, ".rsrc": { "Entropy": 3.4721768908716837, "Virtual Size": "0xfd40" }, - ".reloc": { - "Entropy": 5.402081860527767, - "Virtual Size": "0x994" + ".text": { + "Entropy": 6.4945526926976, + "Virtual Size": "0x16d9e4" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2021-09-02 18:23:41", - "ValidTo": "2022-09-01 18:23:41", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "46f57c3b860b08484cb79066ac1014ad", "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" - } + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows 
Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -31148,7 +31854,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -31220,7 +31928,9 @@ "FileVersion": "", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "ca747f0a7e1bcbc51cf4f9cd2a17f9a5", "MachineType": "AMD64", @@ -31238,18 +31948,6 @@ "SHA1": "41686992e3e8fc975674d5134909975b66b54a38", "SHA256": "777adc7e8a3e1422b3fc9c10ce31e996c057fe801a5292f0902bd5c5365e7287", "Sections": { - "/4": { - "Entropy": 4.819140517708772, - "Virtual Size": "0x174e8" - }, - ".text": { - "Entropy": 5.641612169819171, - "Virtual Size": "0xaa991" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.797978054526178, "Virtual Size": "0x316e8" 
@@ -31258,59 +31956,71 @@ "Entropy": 0.8341231672694769, "Virtual Size": "0xf0" }, + ".dynsym": { + "Entropy": 3.2127120070382236, + "Virtual Size": "0xf1f8" + }, ".rela": { "Entropy": 2.6244580629738223, "Virtual Size": "0x2af90" }, - ".dynsym": { - "Entropy": 3.2127120070382236, - "Virtual Size": "0xf1f8" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.641612169819171, + "Virtual Size": "0xaa991" + }, + "/4": { + "Entropy": 4.819140517708772, + "Virtual Size": "0x174e8" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2012-07-02 22:25:14", - "ValidTo": "2013-10-02 22:25:14", - "Signature": "840831439e4e63e88d00e1b0c0678d70bb89f466e9027ab28177926d5def8175b3240e729f943f1e6bd94a0f27c92e696a5001c0747f6bf7574c09e8485a5eb6d7024244ddd73236c28e9dfad58ec5098b74516234232552d9230c1d0ddae73108b0a0144bd9e9265dac56ebdcce7512cf3627a6858d41876ede19d35e0e27957a6896aae9ea150098327450fe7c72385aac6feff0616b3d066cd0be7e5a537bb18488c67db9f0731c30ac7918fe977b4250ffbfbeea81e1ba3b8a0305b9374f0d22453781cc5823b5faad5e50e84306381f83382fe0ed8b176a9c9ff1868cc6543e7f12b1f112adc62430fd1ba530d877a290f0d2e09eacce07ed37ec439c25", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "33000000081eb17e9c15fc837a000100000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "c5e24205d04c09c94d81b6935af7ec09", "SHA1": "12622dccb5b07edfd65cae6fc018e24b80ff2c82", "SHA256": "d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507" - } + }, + "ValidFrom": "2012-07-02 
22:25:14", + "ValidTo": "2013-10-02 22:25:14", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "33000000081eb17e9c15fc837a000100000008", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -31364,7 +32074,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -31427,7 +32139,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "mboot-official_em64t.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -31490,7 +32204,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -31553,7 +32269,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -31623,7 +32341,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -31688,7 +32408,9 @@ "FileVersion": "6.4.9880.0 (fbl_sec_oss3(dlinsley).140616-1123)", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "9618221803e2befd17607ef2d957442f", "MachineType": "AMD64", @@ -31706,22 +32428,6 @@ "SHA1": "1581d6767a70eb0bf596b82592440346eb00cefb", "SHA256": "990a4dd8c86392421d680fa039af4e88d1ebdc97f61a73f8347d6b314fe8cd51", "Sections": { - ".text": { - "Entropy": 6.474696277787201, - "Virtual Size": "0x14da96" - }, - "PAGER32C": { - "Entropy": 6.329737871071302, - "Virtual Size": "0x2e69" - }, - "PAGE": { - "Entropy": 6.553345757683435, - "Virtual Size": "0x1726" - }, - ".rdata": { - "Entropy": 5.678015481743603, - "Virtual Size": "0x20d34" - }, ".data": { "Entropy": 4.550324790112712, "Virtual Size": "0x625a0" 
@@ -31730,59 +32436,75 @@ "Entropy": 6.1168156717400635, "Virtual Size": "0xa80c" }, - ".rsrc": { - "Entropy": 3.4696484697973857, - "Virtual Size": "0xfd54" + ".rdata": { + "Entropy": 5.678015481743603, + "Virtual Size": "0x20d34" }, ".reloc": { "Entropy": 5.429956404165192, "Virtual Size": "0x9c8" + }, + ".rsrc": { + "Entropy": 3.4696484697973857, + "Virtual Size": "0xfd54" + }, + ".text": { + "Entropy": 6.474696277787201, + "Virtual Size": "0x14da96" + }, + "PAGE": { + "Entropy": 6.553345757683435, + "Virtual Size": "0x1726" + }, + "PAGER32C": { + "Entropy": 6.329737871071302, + "Virtual Size": "0x2e69" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2014-07-01 20:32:01", - "ValidTo": "2015-10-01 20:32:01", - "Signature": "8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "9da610547a25cbe89af7ecdb99229623", "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" - } + }, + 
"ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -31843,7 +32565,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "shim-0~20120906.bcd0a4e8-0ubuntu3/shim64-bit.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -31913,7 +32637,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -31976,7 +32702,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", 
@@ -32046,7 +32774,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -32109,7 +32839,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -32172,7 +32904,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -32235,7 +32969,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -32298,7 +33034,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -32361,7 +33099,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -32424,7 +33164,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -32487,7 +33229,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -32550,7 +33294,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", 
@@ -32615,7 +33361,9 @@ "FileVersion": "6.2.9200.22004 (win8_ldr.161005-0600)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "7f0de7a661590f1c33de0b80676e8827", "MachineType": "AMD64", @@ -32633,22 +33381,6 @@ "SHA1": "003454b835a5ee7ee200f9cb4e68b071e2b8e69b", "SHA256": "d1af02fca7522c8d27e053544b3b653ff2daffcae9c420e460235dacab53f7cd", "Sections": { - ".text": { - "Entropy": 6.481657238537085, - "Virtual Size": "0x10a5e2" - }, - "PAGER32C": { - "Entropy": 6.357861791329596, - "Virtual Size": "0x3d48" - }, - "PAGE": { - "Entropy": 6.514627558721207, - "Virtual Size": "0x169e" - }, - ".rdata": { - "Entropy": 5.427514584005019, - "Virtual Size": "0x19b14" - }, ".data": { "Entropy": 5.464601076751779, "Virtual Size": "0x65010" 
@@ -32657,63 +33389,79 @@ "Entropy": 6.017575781905406, "Virtual Size": "0x8eb0" }, - "PAGER32R": { - "Entropy": 7.631412897966042, - "Virtual Size": "0x380" + ".rdata": { + "Entropy": 5.427514584005019, + "Virtual Size": "0x19b14" + }, + ".reloc": { + "Entropy": 2.715757042100683, + "Virtual Size": "0x1ad6" }, ".rsrc": { "Entropy": 3.47211306543629, "Virtual Size": "0xfd14" }, - ".reloc": { - "Entropy": 2.715757042100683, - "Virtual Size": "0x1ad6" + ".text": { + "Entropy": 6.481657238537085, + "Virtual Size": "0x10a5e2" + }, + "PAGE": { + "Entropy": 6.514627558721207, + "Virtual Size": "0x169e" + }, + "PAGER32C": { + "Entropy": 6.357861791329596, + "Virtual Size": "0x3d48" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2015-08-18 17:15:28", - "ValidTo": "2016-11-18 17:15:28", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", "SHA1": "833498af9a41da339c83e0d384b521f72d053331", "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" - } + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": 
"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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", "Version": 1 } - ] + ], + 
"SignerInfo": "" } ] } @@ -32777,8 +33525,7 @@ "Filename": "Signed_14173467011297444/shimaa64.efi", "ImportedFunctions": "", "Imports": [ - "text", - "text" + "text, text" ], "InternalName": "", "MD5": "a1b9b882d3990b8465c7010a406ecd99", 
@@ -32797,59 +33544,59 @@ "SHA1": "58d47e6513a61b42d4c1c2a9150cf9fd051ec435", "SHA256": "754952ff4187789c0269982d056f6a863409963f46d870c0a8d054e0fe69857b", "Sections": { - ".text": { - "Entropy": 6.294539620252291, - "Virtual Size": "0x99000" - }, ".data": { "Entropy": 2.6794102876071513, "Virtual Size": "0x34b08" + }, + ".text": { + "Entropy": 6.294539620252291, + "Virtual Size": "0x99000" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2018-07-03 20:53:01", - "ValidTo": "2019-07-26 20:53:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002b4b79b3694d12118700010000002b", - "Version": 3, + "Signature": "54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "8d8a1f204c9c80213bd427fa58b387e2", "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" - } + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation 
UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", 
+ "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -32903,7 +33650,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -32966,7 +33715,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootx64.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -33036,7 +33787,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -33099,7 +33852,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -33162,7 +33917,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -33225,7 +33982,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -33290,7 +34049,9 @@ "FileVersion": "10.0.10010.0 (fbl_kpg_kernel.140630-1750)", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "8d9e858d7fc95bfcc3690f3bddfac320", "MachineType": "AMD64", 
@@ -33308,22 +34069,6 @@ "SHA1": "0d0e3c0e73f5561985e6a004d8d160be88d64ee7", "SHA256": "0b753bd95ae643b2543f501533ca54db34ddc9d20f336358067a7069240a6214", "Sections": { - ".text": { - "Entropy": 6.491978717136592, - "Virtual Size": "0xd0ea8" - }, - "PAGER32C": { - "Entropy": 5.528643658730128, - "Virtual Size": "0x2d9" - }, - "PAGE": { - "Entropy": 6.535197922143474, - "Virtual Size": "0x1726" - }, - ".rdata": { - "Entropy": 5.392724511782535, - "Virtual Size": "0x19914" - }, ".data": { "Entropy": 4.42328323265371, "Virtual Size": "0x3b260" 
@@ -33332,59 +34077,75 @@ "Entropy": 5.981623522146152, "Virtual Size": "0x7d64" }, - ".rsrc": { - "Entropy": 3.459847805795169, - "Virtual Size": "0xfc40" + ".rdata": { + "Entropy": 5.392724511782535, + "Virtual Size": "0x19914" }, ".reloc": { "Entropy": 5.420446329188424, "Virtual Size": "0x804" + }, + ".rsrc": { + "Entropy": 3.459847805795169, + "Virtual Size": "0xfc40" + }, + ".text": { + "Entropy": 6.491978717136592, + "Virtual Size": "0xd0ea8" + }, + "PAGE": { + "Entropy": 6.535197922143474, + "Virtual Size": "0x1726" + }, + "PAGER32C": { + "Entropy": 5.528643658730128, + "Virtual Size": "0x2d9" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2014-07-01 20:32:01", - "ValidTo": "2015-10-01 20:32:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "9da610547a25cbe89af7ecdb99229623", "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" - } + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", 
- "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -33440,7 +34201,9 @@ "FileVersion": "6.2.9200.20519 (win8_ldr.120917-1922)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "c9d595c35045f8b200f9d3142cb3d683", "MachineType": "AMD64", @@ -33458,22 +34221,6 @@ "SHA1": "eabc1fcab7ce92c8dc667046c46a82ad0b2d8907", "SHA256": "545c8c806d6a8b2ab307bf7ff5dff05dd86cfc431d3920692e15e7928ac98eed", "Sections": { - ".text": { - "Entropy": 6.484872015753315, - "Virtual Size": "0x109ee2" - }, - "PAGER32C": { - "Entropy": 6.353319232465821, - "Virtual Size": "0x3d48" - }, - "PAGE": { - "Entropy": 6.514825397638524, - "Virtual Size": "0x169e" - }, - ".rdata": { - "Entropy": 5.420997475066845, - "Virtual Size": "0x19b34" - }, ".data": { "Entropy": 4.628310210600715, "Virtual Size": "0x63cf0" 
@@ -33482,63 +34229,79 @@ "Entropy": 6.014681487785778, "Virtual Size": "0x8e8c" }, - "PAGER32R": { - "Entropy": 7.631412897966042, - "Virtual Size": "0x380" + ".rdata": { + "Entropy": 5.420997475066845, + "Virtual Size": "0x19b34" + }, + ".reloc": { + "Entropy": 2.70744089792279, + "Virtual Size": "0x1ab4" }, ".rsrc": { "Entropy": 3.4710726954860402, "Virtual Size": "0xfcf4" }, - ".reloc": { - "Entropy": 2.70744089792279, - "Virtual Size": "0x1ab4" + ".text": { + "Entropy": 6.484872015753315, + "Virtual Size": "0x109ee2" + }, + "PAGE": { + "Entropy": 6.514825397638524, + "Virtual Size": "0x169e" + }, + "PAGER32C": { + "Entropy": 6.353319232465821, + "Virtual Size": "0x3d48" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2012-04-09 20:55:50", - "ValidTo": "2013-07-09 20:55:50", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "610bbbd8000000000005", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "158438012e4dcd69b27b762c9358cfa2", "SHA1": "684ac167849404a4101f166b759f291a43d5f749", "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" - } + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": 
"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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "610bbbd8000000000005", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -33592,7 +34355,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -33655,7 +34420,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -33727,7 +34494,9 @@ "FileVersion": "", "Filename": "shim-15+1533136590.3beb971-0ubuntu1/shim64-bit.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "9c9e2e8f49820dbed91f5cae846bbadb", "MachineType": "AMD64", 
@@ -33745,41 +34514,41 @@ "SHA1": "afc56df60e5ea5a55a1e21f76562d073a56ec46b", "SHA256": "8844d9b3aea1568a7ff298e6dc12564c422dafae6510db377454ca6072861dde", "Sections": { - "/4": { - "Entropy": 4.859622277775737, - "Virtual Size": "0x1f018" + ".data": { + "Entropy": 4.618421307458241, + "Virtual Size": "0x2f6d8" }, - ".text": { - "Entropy": 5.636421874643909, - "Virtual Size": "0xa0075" + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".dynsym": { + "Entropy": 3.2098335666907074, + "Virtual Size": "0xf2e8" + }, + ".rela": { + "Entropy": 2.6716229722395415, + "Virtual Size": "0x1c6c8" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.636421874643909, + "Virtual Size": "0xa0075" + }, "/14": { "Entropy": 5.1485772576861875, "Virtual Size": "0x84" }, - ".data": { - "Entropy": 4.618421307458241, - "Virtual Size": "0x2f6d8" - }, "/26": { "Entropy": 7.322772708526002, "Virtual Size": "0x449" }, - ".dynamic": { - "Entropy": 0.8630797231656377, - "Virtual Size": "0x100" - }, - ".rela": { - "Entropy": 2.6716229722395415, - "Virtual Size": "0x1c6c8" - }, - ".dynsym": { - "Entropy": 3.2098335666907074, - "Virtual Size": "0xf2e8" + "/4": { + "Entropy": 4.859622277775737, + "Virtual Size": "0x1f018" } }, "Signature": "", @@ -33835,7 +34604,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -33905,7 +34676,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -33968,7 +34741,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -34038,7 +34813,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -34101,7 +34878,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -34164,7 +34943,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -34227,7 +35008,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -34299,7 +35082,9 @@ "FileVersion": "", "Filename": "sbs.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "c73ed000259378b96a9c57c588fc6ef0", "MachineType": "AMD64", 
@@ -34317,83 +35102,83 @@ "SHA1": "66fe7992ab4da8a44c7b06a0b958faa9a293014b", "SHA256": "a1111555bfde8807746c8af73deceb4bdadc52dee87004e2ad7239c038687985", "Sections": { - "/4": { - "Entropy": 4.844338442798661, - "Virtual Size": "0x18170" - }, - ".text": { - "Entropy": 5.631394972561704, - "Virtual Size": "0x920e1" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.407658207289342, "Virtual Size": "0x285a8" }, - "/14": { - "Entropy": 7.161591522225466, - "Virtual Size": "0x53d" - }, ".dynamic": { "Entropy": 0.8341231672694769, "Virtual Size": "0xf0" }, + ".dynsym": { + "Entropy": 3.2005941982779254, + "Virtual Size": "0xd860" + }, ".rela": { "Entropy": 2.650758642360982, "Virtual Size": "0x1aec8" }, - ".dynsym": { - "Entropy": 3.2005941982779254, - "Virtual Size": "0xd860" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.631394972561704, + "Virtual Size": "0x920e1" + }, + "/14": { + "Entropy": 7.161591522225466, + "Virtual Size": "0x53d" + }, + "/4": { + "Entropy": 4.844338442798661, + "Virtual Size": "0x18170" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2017-08-11 20:20:00", - "ValidTo": "2018-08-11 20:20:00", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002530b3d3726ee3f72f000100000025", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "a5052527524f4998a7bd87f396196fe8", "SHA1": 
"2374a3e4f0499d106f0e4d71a22f7b0e709847c0", "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" - } + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": 
"9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -34447,7 +35232,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -34510,7 +35297,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -34573,7 +35362,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -34636,7 +35427,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -34699,7 +35492,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -34771,7 +35566,9 @@ "FileVersion": "", "Filename": "shim-0.7-0ubuntu4/shim64-bit.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "1bdc36814a6f20464e94616f0d98a521", "MachineType": "AMD64", 
@@ -34789,37 +35586,37 @@ "SHA1": "093660339cf8e3fc1d8a80855e4f3a72e9a92f30", "SHA256": "17864e719e9c61d84e29a3cedf2b63aeaecfc10867211efc3077dd216b0a4965", "Sections": { - "/4": { - "Entropy": 4.84229298761354, - "Virtual Size": "0x16050" - }, - ".text": { - "Entropy": 5.589734350916883, - "Virtual Size": "0x9dd4b" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.627610996610074, "Virtual Size": "0x2c078" }, - "/14": { - "Entropy": 7.322772708526002, - "Virtual Size": "0x449" - }, ".dynamic": { "Entropy": 0.8424565006028102, "Virtual Size": "0xf0" }, + ".dynsym": { + "Entropy": 3.2048776341706633, + "Virtual Size": "0xe490" + }, ".rela": { "Entropy": 2.6180499183854384, "Virtual Size": "0x29598" }, - ".dynsym": { - "Entropy": 3.2048776341706633, - "Virtual Size": "0xe490" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.589734350916883, + "Virtual Size": "0x9dd4b" + }, + "/14": { + "Entropy": 7.322772708526002, + "Virtual Size": "0x449" + }, + "/4": { + "Entropy": 4.84229298761354, + "Virtual Size": "0x16050" } }, "Signature": "", @@ -34884,7 +35681,9 @@ "FileVersion": "", "Filename": "bootia32.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "b1aea18419d0643fb2e4d8f6da2ae461", "MachineType": "I386", 
@@ -34902,83 +35701,83 @@ "SHA1": "3085f38227977dce8dac3b29c92b0103e5b5eae8", "SHA256": "56f9e50da4817b1de9d9291eb5f2bc63703ca3e6f4a8571bde28cf756e2c80ba", "Sections": { - ".text": { - "Entropy": 5.843166036178159, - "Virtual Size": "0x931e7" - }, - ".reloc": { - "Entropy": 1.5709505944546687, - "Virtual Size": "0xa" - }, - "/4": { - "Entropy": 4.946577948119573, - "Virtual Size": "0x62" - }, ".data": { "Entropy": 5.336485470877681, "Virtual Size": "0x20cdc" }, - "/16": { - "Entropy": 7.335685443962851, - "Virtual Size": "0x3e6" - }, ".dynamic": { "Entropy": 1.4609704737895086, "Virtual Size": "0x80" }, + ".dynsym": { + "Entropy": 4.390812113462173, + "Virtual Size": "0x9360" + }, ".rel": { "Entropy": 3.52145733418307, "Virtual Size": "0x9048" }, - ".dynsym": { - "Entropy": 4.390812113462173, - "Virtual Size": "0x9360" + ".reloc": { + "Entropy": 1.5709505944546687, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.843166036178159, + "Virtual Size": "0x931e7" + }, + "/16": { + "Entropy": 7.335685443962851, + "Virtual Size": "0x3e6" + }, + "/4": { + "Entropy": 4.946577948119573, + "Virtual Size": "0x62" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2017-08-11 20:20:00", - "ValidTo": "2018-08-11 20:20:00", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002530b3d3726ee3f72f000100000025", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "a5052527524f4998a7bd87f396196fe8", "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", 
"SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" - } + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -35034,7 +35833,9 @@ "FileVersion": "6.3.9600.18233 (winblue_ltsb.160210-0600)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "09287aecf07aa294ed7f76f2234270a9", "MachineType": "THUMB", 
@@ -35052,10 +35853,6 @@ "SHA1": "f4de49ab09ad1d3e18ba4eeef481d91cd67a4860", "SHA256": "860c16809e3941bebedff0bde99c32aa77379c0be1f6b174d20038a02162d3d5", "Sections": { - ".text": { - "Entropy": 7.012580430527564, - "Virtual Size": "0x9f3d4" - }, ".data": { "Entropy": 6.118785418021721, "Virtual Size": "0x35d10" 
@@ -35064,59 +35861,63 @@ "Entropy": 6.140620718060279, "Virtual Size": "0x5ba8" }, + ".reloc": { + "Entropy": 4.723783525533069, + "Virtual Size": "0x40dc" + }, ".rsrc": { "Entropy": 3.4718876307612105, "Virtual Size": "0xfce8" }, - ".reloc": { - "Entropy": 4.723783525533069, - "Virtual Size": "0x40dc" + ".text": { + "Entropy": 7.012580430527564, + "Virtual Size": "0x9f3d4" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2015-07-15 17:04:59", - "ValidTo": "2016-10-15 17:04:59", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "33000000a6206efff45e063a190000000000a6", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "57c30a2d7e6573994b137079cbff34b8", "SHA1": "08980baa201ccbfc096accff568fb2b073da66f4", "SHA256": "19241716f05046843df5ff3c02395bf6e2ed68ad52d441a71a2edcd24ac93056" - } + }, + "ValidFrom": "2015-07-15 17:04:59", + "ValidTo": "2016-10-15 17:04:59", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft 
Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "33000000a6206efff45e063a190000000000a6", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000a6206efff45e063a190000000000a6", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -35170,7 +35971,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -35233,7 +36036,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -35303,7 +36108,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "shim-opensuse.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -35366,7 +36173,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -35431,7 +36240,9 @@ "FileVersion": "6.3.9600.18006 (winblue_ltsb.150806-0600)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "5624304dd2172b7edb81741a5e7d2d06", "MachineType": "AMD64", 
@@ -35449,10 +36260,6 @@ "SHA1": "5ebb525eefc7d35d664bf29bf8fbff40832dcefb", "SHA256": "0e93c368f8177bc0fe1a09d79b897a94286f3c374a18a40522c3358cb627d7e2", "Sections": { - ".text": { - "Entropy": 6.490130132913895, - "Virtual Size": "0x169ab4" - }, ".data": { "Entropy": 4.538102764163199, "Virtual Size": "0x6b290" 
@@ -35461,59 +36268,63 @@ "Entropy": 6.088085457252306, "Virtual Size": "0xa518" }, + ".reloc": { + "Entropy": 5.3873912473580265, + "Virtual Size": "0x960" + }, ".rsrc": { "Entropy": 3.4709407525928864, "Virtual Size": "0xfd10" }, - ".reloc": { - "Entropy": 5.3873912473580265, - "Virtual Size": "0x960" + ".text": { + "Entropy": 6.490130132913895, + "Virtual Size": "0x169ab4" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2014-07-01 20:32:01", - "ValidTo": "2015-10-01 20:32:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "9da610547a25cbe89af7ecdb99229623", "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" - } + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Version": 1 } - ] + ], + 
"SignerInfo": "" } ] } @@ -35569,7 +36380,9 @@ "FileVersion": "6.2.9200.16420 (win8_gdr.120919-1813)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "9caa5988ee5678dad93374ef1f4fd184", "MachineType": "THUMB", @@ -35587,22 +36400,6 @@ "SHA1": "7b09d0dd2b0e37d91ee548a205ba53f8d5b02c7b", "SHA256": "79baff384ed507030cbe328a3d6c04d13e77932f08d387f76cf2422fb3b2588b", "Sections": { - ".text": { - "Entropy": 7.094146009062804, - "Virtual Size": "0x86c9e" - }, - "PAGER32C": { - "Entropy": 6.8208156523893635, - "Virtual Size": "0x2480" - }, - "PAGE": { - "Entropy": 6.9370198019728795, - "Virtual Size": "0xf40" - }, - ".rdata": { - "Entropy": 5.647467240821381, - "Virtual Size": "0x10504" - }, ".data": { "Entropy": 5.598080350898377, "Virtual Size": "0x35b50" 
@@ -35611,63 +36408,79 @@ "Entropy": 6.104261146987598, "Virtual Size": "0x4e50" }, - "PAGER32R": { - "Entropy": 7.631412897966042, - "Virtual Size": "0x380" + ".rdata": { + "Entropy": 5.647467240821381, + "Virtual Size": "0x10504" + }, + ".reloc": { + "Entropy": 4.664264175172123, + "Virtual Size": "0x3b88" }, ".rsrc": { "Entropy": 3.471356139350038, "Virtual Size": "0xfccc" }, - ".reloc": { - "Entropy": 4.664264175172123, - "Virtual Size": "0x3b88" + ".text": { + "Entropy": 7.094146009062804, + "Virtual Size": "0x86c9e" + }, + "PAGE": { + "Entropy": 6.9370198019728795, + "Virtual Size": "0xf40" + }, + "PAGER32C": { + "Entropy": 6.8208156523893635, + "Virtual Size": "0x2480" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2012-04-09 20:55:50", - "ValidTo": "2013-07-09 20:55:50", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "610bbbd8000000000005", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "158438012e4dcd69b27b762c9358cfa2", "SHA1": "684ac167849404a4101f166b759f291a43d5f749", "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" - } + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": 
"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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "610bbbd8000000000005", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -35721,7 +36534,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -35786,7 +36601,9 @@ "FileVersion": "6.2.9200.20521 (win8_ldr.120919-1813)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "02e7a063eae0c4b80a6793fd63bac013", "MachineType": "I386", 
@@ -35804,83 +36621,83 @@ "SHA1": "c7a420758542a22c9db7c9f75a4709ac53ec8da2", "SHA256": "9da10b25786d8db0167fd66c051f7e2655781bb561b99584312b439a32be4c32", "Sections": { + ".data": { + "Entropy": 5.32099548613425, + "Virtual Size": "0x54bf0" + }, + ".rdata": { + "Entropy": 5.359664573712839, + "Virtual Size": "0x122aa" + }, + ".reloc": { + "Entropy": 6.124599725636047, + "Virtual Size": "0x61b0" + }, + ".rsrc": { + "Entropy": 3.4708442562161297, + "Virtual Size": "0xfcf4" + }, ".text": { "Entropy": 6.641518892559521, "Virtual Size": "0xdd286" }, - "PAGER32C": { - "Entropy": 6.572183780133045, - "Virtual Size": "0x4805" - }, "PAGE": { "Entropy": 6.502474956779901, "Virtual Size": "0x12ab" }, - ".rdata": { - "Entropy": 5.359664573712839, - "Virtual Size": "0x122aa" - }, - ".data": { - "Entropy": 5.32099548613425, - "Virtual Size": "0x54bf0" + "PAGER32C": { + "Entropy": 6.572183780133045, + "Virtual Size": "0x4805" }, "PAGER32R": { "Entropy": 7.631412897966042, "Virtual Size": "0x380" - }, - ".rsrc": { - "Entropy": 3.4708442562161297, - "Virtual Size": "0xfcf4" - }, - ".reloc": { - "Entropy": 6.124599725636047, - "Virtual Size": "0x61b0" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2012-04-09 20:55:50", - "ValidTo": "2013-07-09 20:55:50", - "Signature": "c7f34d30f6c0451fb6ababdce5203035c20b7c75b16784adb0aa9ed8f647c02df4ce8d8277b8e356e3286e4dc0d444172dea83b9af9c6133c491e53680024d6bac0d985d6dfe776988ccb337b35abb32a02b50413514a576dc932b2a4ae2aef96330041e040480e3b1cbf06cd6910cf79ead3ecd332a9bb7156c2d9976e5dfac8b5b59d82ea33a4826470663dfad599e137468da7bd3037243e0238b96c1f99ea1299faa898dd854f812f8834697b7c5991d2e1656db4e2f56d8bc2077e7bb7d886d4fb6907c555c6d54089724435ac3345b1b6dbb605300ba83412517394dcd3b6c82df5013c6f57fcb1e03919b63469dd7606f3fbae8242658f19ab174b03c", - "SignatureAlgorithmOID": 
"1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "610bbbd8000000000005", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "158438012e4dcd69b27b762c9358cfa2", "SHA1": "684ac167849404a4101f166b759f291a43d5f749", "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" - } + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "610bbbd8000000000005", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } 
@@ -35934,7 +36751,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -35999,7 +36818,9 @@ "FileVersion": "6.3.9600.16411 (winblue_gdr.130924-1807)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "a7077726554ee791e5a4b6e20ba8d557", "MachineType": "AMD64", @@ -36017,10 +36838,6 @@ "SHA1": "6d3c3476f38f447586c8fc347dd545ebf3b83a15", "SHA256": "3fda721bc5007eab23af6e0c56a6942a7925a858f0d801fbb21011ccf758893b", "Sections": { - ".text": { - "Entropy": 6.501476254289593, - "Virtual Size": "0x164d34" - }, ".data": { "Entropy": 4.528276048554928, "Virtual Size": "0x6b230" 
@@ -36029,59 +36846,63 @@ "Entropy": 6.076711122380285, "Virtual Size": "0xa3d4" }, + ".reloc": { + "Entropy": 2.339034701100046, + "Virtual Size": "0x2000" + }, ".rsrc": { "Entropy": 3.4714597444382016, "Virtual Size": "0xfd10" }, - ".reloc": { - "Entropy": 2.339034701100046, - "Virtual Size": "0x2000" + ".text": { + "Entropy": 6.501476254289593, + "Virtual Size": "0x164d34" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2013-06-17 21:43:38", - "ValidTo": "2014-09-17 21:43:38", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002418fc0b689e7399d0000000000024", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "28b23b39f3bbd936a26a5b86451be0ac", "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" - } + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } 
@@ -36142,7 +36963,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "shim-15+1533136590.3beb971-0ubuntu1/shimaa64.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit ARM", @@ -36205,7 +37028,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -36275,7 +37100,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -36345,7 +37172,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "shim-15+1552672080.a4a1fbe-0ubuntu1/shimaa64.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit ARM", @@ -36408,7 +37237,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -36478,7 +37309,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "BOOTX64.EFI", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -36548,7 +37381,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootx64.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -36618,7 +37453,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "shim-15+1552672080.a4a1fbe-0ubuntu1/shim64-bit.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -36688,7 +37525,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -36758,7 +37597,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -36821,7 +37662,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -36891,7 +37734,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -36954,7 +37799,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -37017,7 +37864,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -37080,7 +37929,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootaa64.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit ARM", @@ -37143,7 +37994,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit ARM", @@ -37213,7 +38066,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -37276,7 +38131,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -37339,7 +38196,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", 
@@ -37402,7 +38261,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -37465,7 +38326,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -37530,7 +38393,9 @@ "FileVersion": "", "Filename": "Bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "7e05f116825f8e60072443b813e6192e", "MachineType": "AMD64", 
@@ -37548,67 +38413,67 @@ "SHA1": "c9bda70cc887ceb1c4552319df909c8bca331b58", "SHA256": "09f2e41661cbbd714d22986fbb36a2b5764a5544c85f9875d227f6a26e1c8c8b", "Sections": { - ".text": { - "Entropy": 5.947922488694373, - "Virtual Size": "0x523b0" - }, "": { "Entropy": -0.0, "Virtual Size": "0x1df4" }, - ".xdata": { - "Entropy": -0.0, - "Virtual Size": "0x1000" - }, ".reloc": { "Entropy": 5.4356761952478605, "Virtual Size": "0x3268" + }, + ".text": { + "Entropy": 5.947922488694373, + "Virtual Size": "0x523b0" + }, + ".xdata": { + "Entropy": -0.0, + "Virtual Size": "0x1000" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2018-07-03 20:53:01", - "ValidTo": "2019-07-26 20:53:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002b4b79b3694d12118700010000002b", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "8d8a1f204c9c80213bd427fa58b387e2", "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" - } + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } 
@@ -37664,7 +38529,9 @@ "FileVersion": "6.3.9600.16384 (winblue_rtm.130821-1623)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "11ca417bc767273a9de7b1355cb2908e", "MachineType": "AMD64", @@ -37682,22 +38549,6 @@ "SHA1": "8de2b54c1204ea7491174a94c1a283695952155b", "SHA256": "0b16ad93ee38243d72ff0acd790107767b6d7d3563a4ba8edb7a23eec5c8d531", "Sections": { - ".text": { - "Entropy": 6.4695047421671195, - "Virtual Size": "0x143d82" - }, - "PAGER32C": { - "Entropy": 6.359590728392211, - "Virtual Size": "0x3d09" - }, - "PAGE": { - "Entropy": 6.540359913399707, - "Virtual Size": "0x1669" - }, - ".rdata": { - "Entropy": 5.839311515562025, - "Virtual Size": "0x1dd44" - }, ".data": { "Entropy": 4.568362788596972, "Virtual Size": "0x6b250" 
@@ -37706,63 +38557,79 @@ "Entropy": 6.052020537215353, "Virtual Size": "0xa47c" }, - "PAGER32R": { - "Entropy": 7.124151697179559, - "Virtual Size": "0x100" + ".rdata": { + "Entropy": 5.839311515562025, + "Virtual Size": "0x1dd44" + }, + ".reloc": { + "Entropy": 2.343044695048387, + "Virtual Size": "0x2028" }, ".rsrc": { "Entropy": 3.4707613356348475, "Virtual Size": "0xfd10" }, - ".reloc": { - "Entropy": 2.343044695048387, - "Virtual Size": "0x2028" + ".text": { + "Entropy": 6.4695047421671195, + "Virtual Size": "0x143d82" + }, + "PAGE": { + "Entropy": 6.540359913399707, + "Virtual Size": "0x1669" + }, + "PAGER32C": { + "Entropy": 6.359590728392211, + "Virtual Size": "0x3d09" + }, + "PAGER32R": { + "Entropy": 7.124151697179559, + "Virtual Size": "0x100" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2013-06-17 21:43:38", - "ValidTo": "2014-09-17 21:43:38", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002418fc0b689e7399d0000000000024", - "Version": 3, + "Signature": "78269c4b43268afbc7329a21653fdf5427c51d156bd9b2be4fc3ce06c9fe486ad28fa1a55698acc8617733a5d9b68b3f69ab82d8d60857a0cf330434703b2af43b3058eec891f89515a9acf8c29aebdcabc8671630a1d22fa51720ab95393c388e3fbed2d42eca2bce4f3ac03be5be68ecfe7f44a6d3871782abd7cc3f8c22300536bd24a13934474bc0cfc2f1479991b991f328cb5a80d06c1046a9249b8dd8747b3c87e54946f28c0bdf14c042566264fbf9475859b221d0434603ab5f655551437be8eb21192f143d173b042f139ce553888cf0534f9d2f090c1edbf10def827a274afeeba10c2b4725b0628a2722d5f209be4f9e3d2d8104a896df82072d", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "28b23b39f3bbd936a26a5b86451be0ac", 
"SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" - } + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -37818,7 +38685,9 @@ "FileVersion": "6.2.9200.16416 (win8_gdr.120913-1502)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "9c77b23f662f4c5cf1da2ec62ba6fd2c", "MachineType": "I386", 
@@ -37836,83 +38705,83 @@ "SHA1": "0f6c22e7f48505d3c4cf28edf541e69a72f4cfed", "SHA256": "5f3952cba19c9f225aae8b57e57c7e20505ac617aeca845a8b5cde4994405c92", "Sections": { + ".data": { + "Entropy": 5.32099548613425, + "Virtual Size": "0x54bf0" + }, + ".rdata": { + "Entropy": 5.359740869045908, + "Virtual Size": "0x122aa" + }, + ".reloc": { + "Entropy": 6.124599725636047, + "Virtual Size": "0x61b0" + }, + ".rsrc": { + "Entropy": 3.4705699295441637, + "Virtual Size": "0xfcf4" + }, ".text": { "Entropy": 6.641518892559521, "Virtual Size": "0xdd286" }, - "PAGER32C": { - "Entropy": 6.572183780133045, - "Virtual Size": "0x4805" - }, "PAGE": { "Entropy": 6.502474956779901, "Virtual Size": "0x12ab" }, - ".rdata": { - "Entropy": 5.359740869045908, - "Virtual Size": "0x122aa" - }, - ".data": { - "Entropy": 5.32099548613425, - "Virtual Size": "0x54bf0" + "PAGER32C": { + "Entropy": 6.572183780133045, + "Virtual Size": "0x4805" }, "PAGER32R": { "Entropy": 7.631412897966042, "Virtual Size": "0x380" - }, - ".rsrc": { - "Entropy": 3.4705699295441637, - "Virtual Size": "0xfcf4" - }, - ".reloc": { - "Entropy": 6.124599725636047, - "Virtual Size": "0x61b0" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2012-04-09 20:55:50", - "ValidTo": "2013-07-09 20:55:50", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "610bbbd8000000000005", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "158438012e4dcd69b27b762c9358cfa2", "SHA1": "684ac167849404a4101f166b759f291a43d5f749", "SHA256": 
"95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" - } + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "610bbbd8000000000005", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -37975,7 +38844,9 @@ "FileVersion": "", "Filename": "HfiPcieGen3", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "ffa0df6d1cb927f4cde2741d63c7125b", "MachineType": "AMD64", 
@@ -37993,67 +38864,67 @@ "SHA1": "a2c8bf15abcb90da814748bb150d66f842f23a38", "SHA256": "98acba206e9f3843a4a7e07c66ead4366fbe7976653b65ed0c311d4efae878ab", "Sections": { - ".text": { - "Entropy": 5.413383270074479, - "Virtual Size": "0x3eee0" - }, ".data": { "Entropy": 6.816481814190404, "Virtual Size": "0x48c80" }, + ".debug": { + "Entropy": 4.647938066282669, + "Virtual Size": "0xc0" + }, ".reloc": { "Entropy": 6.735442193719632, "Virtual Size": "0x3a20" }, - ".debug": { - "Entropy": 4.647938066282669, - "Virtual Size": "0xc0" + ".text": { + "Entropy": 5.413383270074479, + "Virtual Size": "0x3eee0" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2016-11-17 22:05:37", - "ValidTo": "2018-02-17 22:05:37", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000001e0d8474951a966ce400010000001e", - "Version": 3, + "Signature": "0141873b6d85a37b5ac2a306448d73b6be76f7682ad14efef7ce4b377f0f7a5fbefd76377d59dc2caccd28d1be3eb180a8b66ab19a853bd14c7d5e955e8f07bc2ee0686ac3a2c9e997bd9f58de6dc9b93900c6b7824f64bf415ac51ebaa3dcfe8ad4fc2a41ad95b372c421c4f87835a59867c244e1c8df142abc4b23579f57431565eb8de6a7a0318b2fd17f93876a335c9450d2531f6a877baf43a569f83703a68e49987ca3c6dd42a595827f5be49151d3b79ea262e38ef5b37bda5b1be3462baa6ccb313193cdba21ea3cb1e9bbc751a769f354d63a0d1de3158c67d47b765b92d580ed5f1f1cdb5f61774c4b66c7deb15f4c71d605106064f33a17d31ca6", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "b6f099bf203668f11a8f79ab08792ed8", "SHA1": "4713755a345940554eada6042e90b0151591fad6", "SHA256": 
"62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" - } + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 
21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000001e0d8474951a966ce400010000001e", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -38109,7 +38980,9 @@ "FileVersion": "6.4.9880.0 (fbl_sec_oss3(dlinsley).140616-1123)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "e2f5112aec3a2bdc5f267c18f8a6c071", "MachineType": "AMD64", @@ -38127,10 +39000,6 @@ "SHA1": "513e0049089f66a29eb06adef56eb24f1689c24d", "SHA256": "c643c3cc182443893728101f5303aaa05b08ec8616310546edc903635c692b5e", "Sections": { - ".text": { - "Entropy": 6.49404758790082, - "Virtual Size": "0x172c64" - }, ".data": { "Entropy": 4.473798201663143, "Virtual Size": "0x625a0" 
@@ -38139,59 +39008,63 @@ "Entropy": 6.087546898123127, "Virtual Size": "0xa80c" }, + ".reloc": { + "Entropy": 5.40956828432046, + "Virtual Size": "0x9c8" + }, ".rsrc": { "Entropy": 3.469828495684793, "Virtual Size": "0xfd54" }, - ".reloc": { - "Entropy": 5.40956828432046, - "Virtual Size": "0x9c8" + ".text": { + "Entropy": 6.49404758790082, + "Virtual Size": "0x172c64" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2014-07-01 20:32:01", - "ValidTo": "2015-10-01 20:32:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "9da610547a25cbe89af7ecdb99229623", "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" - } + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows 
Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -38254,7 +39127,9 @@ "FileVersion": "", "Filename": "BOOTX64.EFI", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "cd3a08a351a1e5286fdabeb5bbf371e7", "MachineType": "AMD64", 
@@ -38272,87 +39147,87 @@ "SHA1": "55f93fee3283aa27b1d8b20d1d4d85b770e923aa", "SHA256": "2df05c41acc56d0f4c9371da62ec6cb311c9afb84b4a4d8c3738583ccc874d38", "Sections": { - "/4": { - "Entropy": 4.856630086753691, - "Virtual Size": "0x189a8" + ".data": { + "Entropy": 4.471969126591927, + "Virtual Size": "0x29918" }, - ".text": { - "Entropy": 5.636654925513066, - "Virtual Size": "0x94995" + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.212420010647876, + "Virtual Size": "0xef88" + }, + ".rela": { + "Entropy": 2.6500576085243153, + "Virtual Size": "0x1af40" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.636654925513066, + "Virtual Size": "0x94995" + }, "/14": { "Entropy": 5.1850304488993615, "Virtual Size": "0xcf" }, - ".data": { - "Entropy": 4.471969126591927, - "Virtual Size": "0x29918" - }, "/26": { "Entropy": 7.400768349168698, "Virtual Size": "0x35e" }, - ".dynamic": { - "Entropy": 0.8341231672694769, - "Virtual Size": "0xf0" - }, - ".rela": { - "Entropy": 2.6500576085243153, - "Virtual Size": "0x1af40" - }, - ".dynsym": { - "Entropy": 3.212420010647876, - "Virtual Size": "0xef88" + "/4": { + "Entropy": 4.856630086753691, + "Virtual Size": "0x189a8" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2018-07-03 20:53:01", - "ValidTo": "2019-07-26 20:53:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002b4b79b3694d12118700010000002b", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft 
Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "8d8a1f204c9c80213bd427fa58b387e2", "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" - } + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -38408,7 +39283,9 @@ "FileVersion": "6.3.9600.16384 (winblue_rtm.130821-1623)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "c831903e223d70526791119b52eaa4df", "MachineType": "THUMB", 
@@ -38426,22 +39303,6 @@ "SHA1": "43e01a095fe196f5f7f0f6aa4f33d79803d1fe43", "SHA256": "86e5b25aa8072895e72e3d5f4beaccc1488a434fb10babe17fb9010da4ed93bc", "Sections": { - ".text": { - "Entropy": 7.094486381874274, - "Virtual Size": "0x8a3da" - }, - "PAGER32C": { - "Entropy": 6.715799464104058, - "Virtual Size": "0x18b6" - }, - "PAGE": { - "Entropy": 6.974677001292805, - "Virtual Size": "0xf2c" - }, - ".rdata": { - "Entropy": 5.6876031395439375, - "Virtual Size": "0x10134" - }, ".data": { "Entropy": 6.124598814239404, "Virtual Size": "0x35d10" 
@@ -38450,59 +39311,75 @@ "Entropy": 6.096561187355531, "Virtual Size": "0x5b20" }, - ".rsrc": { - "Entropy": 3.471204074592975, - "Virtual Size": "0xfce8" + ".rdata": { + "Entropy": 5.6876031395439375, + "Virtual Size": "0x10134" }, ".reloc": { "Entropy": 4.721187435331078, "Virtual Size": "0x4064" + }, + ".rsrc": { + "Entropy": 3.471204074592975, + "Virtual Size": "0xfce8" + }, + ".text": { + "Entropy": 7.094486381874274, + "Virtual Size": "0x8a3da" + }, + "PAGE": { + "Entropy": 6.974677001292805, + "Virtual Size": "0xf2c" + }, + "PAGER32C": { + "Entropy": 6.715799464104058, + "Virtual Size": "0x18b6" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2013-04-10 20:41:53", - "ValidTo": "2014-07-10 20:41:53", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", - "Version": 3, + "Signature": "cbc341b6aa9c66039f4068be8e0a48a0e38ad5c22d4a6f33e6c39817378261c73b0ac8e800662cde2333f4a79c3b75b726b7aaefc55cb467374a3804a65dd3bcf318da3699a4951225e092422aa4bb08880db7d021c4b7883ccd2452884d6e00d6ec06e6055f30218dfc376e893fdf2b0174ba323e15e0d9e480862c7132f49666ab01c246edcb9e403752b15284de32fa501cbed5bba0e45c60635520155a623bbd1b14d47e4cb8c9b2114d41de618eb6fbb022303df44f93d5d6ba60a5edc24f31c0530da52ea1392985d95b01833392c7686abf5c318308b442b5055011dfd475058a740a741ef63482b84edf9758ccfa5f3472df9c7043ca60912102c15b", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "2e3f888fadd3d8d498f3237752c18df9", "SHA1": "4f3c14facbfca2505dddb77d8b8bfe71abb1d2ed", "SHA256": "574085e964e5d1fc9d71150ef08a0e08779e1919f28d75a19dad15f69571c8f6" - } + }, + "ValidFrom": 
"2013-04-10 20:41:53", + "ValidTo": "2014-07-10 20:41:53", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -38563,7 +39440,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootx64.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -38633,7 +39512,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "shimia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -38696,7 +39577,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -38761,7 +39644,9 @@ "FileVersion": "", "Filename": "esdiags.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "77164588c1c1207395ca4a64dca19f85", "MachineType": "AMD64", 
@@ -38779,71 +39664,71 @@ "SHA1": "b1d0f26d6c2ada8828889a9208529ce96b6312e4", "SHA256": "1e918f170a796b4b0b1400bb9bdae75be1cf86705c2d0fc8fb9dd0c5016b933b", "Sections": { - ".text": { - "Entropy": 5.26426828621347, - "Virtual Size": "0xb6128" - }, - "text": { - "Entropy": 4.864329193142283, - "Virtual Size": "0x96" - }, "": { "Entropy": -0.0, "Virtual Size": "0x1d28" }, + ".reloc": { + "Entropy": 5.393560756394889, + "Virtual Size": "0x100c" + }, + ".text": { + "Entropy": 5.26426828621347, + "Virtual Size": "0xb6128" + }, ".xdata": { "Entropy": -0.0, "Virtual Size": "0x13e4" }, - ".reloc": { - "Entropy": 5.393560756394889, - "Virtual Size": "0x100c" + "text": { + "Entropy": 4.864329193142283, + "Virtual Size": "0x96" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "??=GB, ??=Private Organization, serialNumber=01488751, C=GB, L=Bournemouth, O=Eurosoft (UK) Ltd, CN=Eurosoft (UK) Ltd", - "ValidFrom": "2019-04-05 00:00:00", - "ValidTo": "2022-04-13 12:00:00", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "09d2ecf1e18290f1ea3bf27dd1cbeb62", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "??=GB, ??=Private Organization, serialNumber=01488751, C=GB, L=Bournemouth, O=Eurosoft (UK) Ltd, CN=Eurosoft (UK) Ltd", "TBS": { "MD5": "0300d0ac1873acaa7bbbfa8bb78865f8", "SHA1": "8cf42d660984334a7f73556260861949c9c2769d", "SHA256": "a3ec97b75a7cff80f285bdc5808873f9d4e44994661a925afdef65d8365b71f9" - } + }, + "ValidFrom": "2019-04-05 00:00:00", + "ValidTo": "2022-04-13 12:00:00", + "Version": 3 }, { - "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA (SHA2)", - "ValidFrom": "2012-04-18 12:00:00", - "ValidTo": "2027-04-18 12:00:00", - "Signature": 
"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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "03f1b4e15f3a82f1149678b3d7d8475c", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA (SHA2)", "TBS": { "MD5": "83f5de89f641d0fbf60248e10a7b9534", "SHA1": "382a73a059a08698d6eb98c87e1b36fc750933a4", "SHA256": "eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf" - } + }, + "ValidFrom": "2012-04-18 12:00:00", + "ValidTo": "2027-04-18 12:00:00", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "09d2ecf1e18290f1ea3bf27dd1cbeb62", "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA (SHA2)", + "SerialNumber": "09d2ecf1e18290f1ea3bf27dd1cbeb62", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -38897,7 +39782,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -38967,7 +39854,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -39039,7 +39928,9 @@ "FileVersion": "", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "658f77c25877b5ceb68bc7e046d37ec3", "MachineType": "AMD64", 
@@ -39057,83 +39948,83 @@ "SHA1": "8276fccfe7c6ec83b5340aedcb77fb1e24cb1c4d", "SHA256": "d92b8ac828b827e4e5b9e9aeb02676783cdb1884f42194823769ccf033a7b9c5", "Sections": { - "/4": { - "Entropy": 4.8425490294878095, - "Virtual Size": "0x161c0" - }, - ".text": { - "Entropy": 5.587793825009416, - "Virtual Size": "0x9f942" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.520603169572745, "Virtual Size": "0x2d690" }, - "/14": { - "Entropy": 7.114183160764015, - "Virtual Size": "0x603" - }, ".dynamic": { "Entropy": 0.8630797231656377, "Virtual Size": "0x100" }, + ".dynsym": { + "Entropy": 3.207501995948057, + "Virtual Size": "0xe508" + }, ".rela": { "Entropy": 2.6111195899111035, "Virtual Size": "0x29598" }, - ".dynsym": { - "Entropy": 3.207501995948057, - "Virtual Size": "0xe508" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.587793825009416, + "Virtual Size": "0x9f942" + }, + "/14": { + "Entropy": 7.114183160764015, + "Virtual Size": "0x603" + }, + "/4": { + "Entropy": 4.8425490294878095, + "Virtual Size": "0x161c0" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2014-10-01 18:02:10", - "ValidTo": "2016-01-01 18:02:10", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "3300000010a4912943d94ce62e000100000010", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "61509fd4e01160eb7d8007dc182bee5b", "SHA1": 
"febd34ec96d90e498d9b6fa54d7fab80ce1464d3", "SHA256": "7d79e52d96bc7c571299d90c3bc4bff9d08e36eb74b7e8b0cd69114980737953" - } + }, + "ValidFrom": "2014-10-01 18:02:10", + "ValidTo": "2016-01-01 18:02:10", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "3300000010a4912943d94ce62e000100000010", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000010a4912943d94ce62e000100000010", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -39189,7 +40080,9 @@ "FileVersion": "6.3.9600.17211 (winblue_gdr.140613-1709)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "65e619f026af74b9c47c2cc77346ec40", "MachineType": "I386", 
@@ -39207,67 +40100,67 @@ "SHA1": "9bf8d8b915968c37fb4b491f67e567d709d2a026", "SHA256": "fef56f20ef6e5065ed0fde1d85fd19f1f07212403489fd1e2b63aa41f5dc600b", "Sections": { - ".text": { - "Entropy": 6.645095705317715, - "Virtual Size": "0x12db74" - }, ".data": { "Entropy": 5.2729725227732045, "Virtual Size": "0x5b510" }, + ".reloc": { + "Entropy": 5.5260311577476955, + "Virtual Size": "0x7fca" + }, ".rsrc": { "Entropy": 3.471313942696478, "Virtual Size": "0xfd10" }, - ".reloc": { - "Entropy": 5.5260311577476955, - "Virtual Size": "0x7fca" + ".text": { + "Entropy": 6.645095705317715, + "Virtual Size": "0x12db74" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2013-06-17 21:43:38", - "ValidTo": "2014-09-17 21:43:38", - "Signature": "78269c4b43268afbc7329a21653fdf5427c51d156bd9b2be4fc3ce06c9fe486ad28fa1a55698acc8617733a5d9b68b3f69ab82d8d60857a0cf330434703b2af43b3058eec891f89515a9acf8c29aebdcabc8671630a1d22fa51720ab95393c388e3fbed2d42eca2bce4f3ac03be5be68ecfe7f44a6d3871782abd7cc3f8c22300536bd24a13934474bc0cfc2f1479991b991f328cb5a80d06c1046a9249b8dd8747b3c87e54946f28c0bdf14c042566264fbf9475859b221d0434603ab5f655551437be8eb21192f143d173b042f139ce553888cf0534f9d2f090c1edbf10def827a274afeeba10c2b4725b0628a2722d5f209be4f9e3d2d8104a896df82072d", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002418fc0b689e7399d0000000000024", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "28b23b39f3bbd936a26a5b86451be0ac", "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" - } + }, + 
"ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -39330,7 +40223,9 @@ "FileVersion": "", "Filename": "bootia32.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "28e6701303a90a81dea61addc9d06329", "MachineType": "I386", 
@@ -39348,83 +40243,83 @@ "SHA1": "00745e4a83900338ec53b231a602eb76ce3fa889", "SHA256": "2f871712447dde7c3552f5aa90a2292821c6f32d92788e00dee8566f8d4de209", "Sections": { - ".text": { - "Entropy": 5.842861242399998, - "Virtual Size": "0x931f7" - }, - ".reloc": { - "Entropy": 1.5709505944546687, - "Virtual Size": "0xa" - }, - "/4": { - "Entropy": 4.934638497318441, - "Virtual Size": "0x64" - }, ".data": { "Entropy": 5.396610377012996, "Virtual Size": "0x2211c" }, - "/16": { - "Entropy": 7.306150252866006, - "Virtual Size": "0x414" - }, ".dynamic": { "Entropy": 1.38767138404284, "Virtual Size": "0x78" }, + ".dynsym": { + "Entropy": 4.380703867207076, + "Virtual Size": "0x9360" + }, ".rel": { "Entropy": 3.523619729561932, "Virtual Size": "0x9048" }, - ".dynsym": { - "Entropy": 4.380703867207076, - "Virtual Size": "0x9360" + ".reloc": { + "Entropy": 1.5709505944546687, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.842861242399998, + "Virtual Size": "0x931f7" + }, + "/16": { + "Entropy": 7.306150252866006, + "Virtual Size": "0x414" + }, + "/4": { + "Entropy": 4.934638497318441, + "Virtual Size": "0x64" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2018-07-03 20:53:01", - "ValidTo": "2019-07-26 20:53:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002b4b79b3694d12118700010000002b", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "8d8a1f204c9c80213bd427fa58b387e2", "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", 
"SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" - } + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -39478,7 +40373,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -39550,7 +40447,9 @@ "FileVersion": "", "Filename": "BOOTIA32.EFI", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "87e606dee08705c7ac75737a83a6e063", "MachineType": "I386", 
@@ -39568,83 +40467,83 @@ "SHA1": "56ebc1fe5d75203a8fd8669eb86d80cda4c13d91", "SHA256": "6a6f1c13eefcba07c0fc8aa0b70ab6fe2bc709a9eaf83090b735fec8e0dd576b", "Sections": { - ".text": { - "Entropy": 5.843735832527754, - "Virtual Size": "0x94b97" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, - "/4": { - "Entropy": 4.855334501626881, - "Virtual Size": "0x5c" - }, ".data": { "Entropy": 5.364024351542338, "Virtual Size": "0x2295c" }, - "/16": { - "Entropy": 7.133596117970691, - "Virtual Size": "0x4ac" - }, ".dynamic": { "Entropy": 1.3647139881914778, "Virtual Size": "0x78" }, + ".dynsym": { + "Entropy": 4.399390751124498, + "Virtual Size": "0x9370" + }, ".rel": { "Entropy": 3.5319998815880522, "Virtual Size": "0x9048" }, - ".dynsym": { - "Entropy": 4.399390751124498, - "Virtual Size": "0x9370" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.843735832527754, + "Virtual Size": "0x94b97" + }, + "/16": { + "Entropy": 7.133596117970691, + "Virtual Size": "0x4ac" + }, + "/4": { + "Entropy": 4.855334501626881, + "Virtual Size": "0x5c" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2017-08-11 20:20:00", - "ValidTo": "2018-08-11 20:20:00", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002530b3d3726ee3f72f000100000025", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "a5052527524f4998a7bd87f396196fe8", "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", 
"SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" - } + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -39705,7 +40604,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "rhel-7.9-shim-20200726-shimia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -39770,7 +40671,9 @@ "FileVersion": "6.2.9200.16420 (win8_gdr.120919-1813)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "2eb1ef37d6d0425c505df369802d5d54", "MachineType": "I386", 
@@ -39788,83 +40691,83 @@ "SHA1": "8568540072aa5aead8d761d4baa459e4f9a222b2", "SHA256": "9e14396bca7712b13a5f0b209c8633d754afc3bf577b42ef78304581ddd4e02f", "Sections": { + ".data": { + "Entropy": 5.32099548613425, + "Virtual Size": "0x54bf0" + }, + ".rdata": { + "Entropy": 5.359718481379002, + "Virtual Size": "0x122aa" + }, + ".reloc": { + "Entropy": 6.124599725636047, + "Virtual Size": "0x61b0" + }, + ".rsrc": { + "Entropy": 3.4708606085287217, + "Virtual Size": "0xfcf4" + }, ".text": { "Entropy": 6.641518892559521, "Virtual Size": "0xdd286" }, - "PAGER32C": { - "Entropy": 6.572183780133045, - "Virtual Size": "0x4805" - }, "PAGE": { "Entropy": 6.502474956779901, "Virtual Size": "0x12ab" }, - ".rdata": { - "Entropy": 5.359718481379002, - "Virtual Size": "0x122aa" - }, - ".data": { - "Entropy": 5.32099548613425, - "Virtual Size": "0x54bf0" + "PAGER32C": { + "Entropy": 6.572183780133045, + "Virtual Size": "0x4805" }, "PAGER32R": { "Entropy": 7.631412897966042, "Virtual Size": "0x380" - }, - ".rsrc": { - "Entropy": 3.4708606085287217, - "Virtual Size": "0xfcf4" - }, - ".reloc": { - "Entropy": 6.124599725636047, - "Virtual Size": "0x61b0" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2012-04-09 20:55:50", - "ValidTo": "2013-07-09 20:55:50", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "610bbbd8000000000005", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "158438012e4dcd69b27b762c9358cfa2", "SHA1": "684ac167849404a4101f166b759f291a43d5f749", "SHA256": 
"95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" - } + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "610bbbd8000000000005", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -39927,7 +40830,9 @@ "FileVersion": "", "Filename": "BOOTIA32.EFI", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "ee4b2aa959df5211204c6165df138ecd", "MachineType": "I386", 
@@ -39945,83 +40850,83 @@ "SHA1": "ef1dd5153ae097116a870b6b3571aa1f2f99bfe7", "SHA256": "67fe6b4b726451375e2dc3f87a0954cd01083fb4d8f4fb074bf699536450af04", "Sections": { - ".text": { - "Entropy": 5.774188637561653, - "Virtual Size": "0x92b93" - }, - ".reloc": { - "Entropy": 1.5709505944546687, - "Virtual Size": "0xa" - }, - "/4": { - "Entropy": 5.040573517037893, - "Virtual Size": "0x7e" - }, ".data": { "Entropy": 5.332540470834759, "Virtual Size": "0x2173c" }, - "/16": { - "Entropy": 7.338341139988703, - "Virtual Size": "0x3e2" - }, ".dynamic": { "Entropy": 1.4043380507095067, "Virtual Size": "0x78" }, + ".dynsym": { + "Entropy": 4.390507192181948, + "Virtual Size": "0x9380" + }, ".rel": { "Entropy": 3.546798440654089, "Virtual Size": "0x9718" }, - ".dynsym": { - "Entropy": 4.390507192181948, - "Virtual Size": "0x9380" + ".reloc": { + "Entropy": 1.5709505944546687, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.774188637561653, + "Virtual Size": "0x92b93" + }, + "/16": { + "Entropy": 7.338341139988703, + "Virtual Size": "0x3e2" + }, + "/4": { + "Entropy": 5.040573517037893, + "Virtual Size": "0x7e" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2018-07-03 20:53:01", - "ValidTo": "2019-07-26 20:53:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002b4b79b3694d12118700010000002b", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "8d8a1f204c9c80213bd427fa58b387e2", "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", 
"SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" - } + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -40077,7 +40982,9 @@ "FileVersion": "6.4.9820.0 (fbl_sec(dlinsley).140425-1225)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "1aa56b885cc8dcb37e0165fb6774acf3", "MachineType": "I386", 
@@ -40095,67 +41002,67 @@ "SHA1": "51b1b97472c99971ef217632ae7d9fee3ce3f1ad", "SHA256": "2b334e6b147104306dd91f77e900c07383c0ddff77c2979ec79ea5d92944c13d", "Sections": { - ".text": { - "Entropy": 6.60297168599822, - "Virtual Size": "0x136b24" - }, ".data": { "Entropy": 5.063753638456743, "Virtual Size": "0x4db30" }, + ".reloc": { + "Entropy": 6.76396764282581, + "Virtual Size": "0x5e84" + }, ".rsrc": { "Entropy": 3.4698922882591594, "Virtual Size": "0xfce0" }, - ".reloc": { - "Entropy": 6.76396764282581, - "Virtual Size": "0x5e84" + ".text": { + "Entropy": 6.60297168599822, + "Virtual Size": "0x136b24" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2014-07-01 20:32:01", - "ValidTo": "2015-10-01 20:32:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "9da610547a25cbe89af7ecdb99229623", "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" - } + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": 
"61077656000000000008", - "Version": 3, + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } 
@@ -40209,7 +41116,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -40281,7 +41190,9 @@ "FileVersion": "", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "aed4e671b03d6e093a423c7593d423c0", "MachineType": "AMD64", 
@@ -40299,83 +41210,83 @@ "SHA1": "0795b77ff05d9365bfc1ce099e4edf239f64a073", "SHA256": "5156a8ae596c06692aef13ac6524c7f1e20d52e4ea0f5a5ad43a6874edcc5e1f", "Sections": { - "/4": { - "Entropy": 4.851927163507717, - "Virtual Size": "0x176c8" - }, - ".text": { - "Entropy": 5.6438712089241685, - "Virtual Size": "0xa9c81" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.778525693473229, "Virtual Size": "0x31368" }, - "/14": { - "Entropy": 7.315232541543508, - "Virtual Size": "0x40c" - }, ".dynamic": { "Entropy": 0.8341231672694769, "Virtual Size": "0xf0" }, + ".dynsym": { + "Entropy": 3.211693622055045, + "Virtual Size": "0xf168" + }, ".rela": { "Entropy": 2.627040734955125, "Virtual Size": "0x2af90" }, - ".dynsym": { - "Entropy": 3.211693622055045, - "Virtual Size": "0xf168" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.6438712089241685, + "Virtual Size": "0xa9c81" + }, + "/14": { + "Entropy": 7.315232541543508, + "Virtual Size": "0x40c" + }, + "/4": { + "Entropy": 4.851927163507717, + "Virtual Size": "0x176c8" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2013-09-24 17:54:03", - "ValidTo": "2014-12-24 17:54:03", - "Signature": "2a27d6bd2f34c68a9989ec856449fe4934ad5c0615ec5819664399053737a86be46c914b9478ce393534b759eec5eb6f015b706b853f1d2be51fe9807b178eaa9e0f9558d6a5d913c58c7492cbad106abb7395426801a42f363842e60bf72d046668865db5d8ce2c901c9673044d05abb74c171ac198c0f9376bb9185ec7523bb53e6d2c114642ffbfbe20efc6c2571c2006159cb70ff2c428e997f6ce83bf57ad9a47c47decce9830cf861a156471c62600a0260b44e29ea8e6e33c407c046f37be4a46dcaf38c018b24f969beb716d8e76cebc3d1d19134ed6f216cc2e357848b4998196ebd7326bca3e3ade1ba88e98612a569a46a1f45856f4e2dfa02a5d", - "SignatureAlgorithmOID": 
"1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000000a6642f3f49fb7379600010000000a", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "c52110f552e27ebb1e3fae114abafb3f", "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" - } + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000000a6642f3f49fb7379600010000000a", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } 
@@ -40429,7 +41340,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -40499,7 +41412,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -40569,7 +41484,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -40639,7 +41556,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -40702,7 +41621,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -40765,7 +41686,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -40835,7 +41758,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "shimia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -40900,7 +41825,9 @@ "FileVersion": "6.3.9600.18478 (winblue_ltsb.160920-0600)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "6b65628a2e6b0cf6bd54965da59a8b43", "MachineType": "THUMB", @@ -40918,10 +41845,6 @@ "SHA1": "54fccbba97f50d2b57478a1c01ad8b86a5fc737a", "SHA256": "dbeb49f986ec6618e7c256d3db4e3d5378a6ee3439c5949ae57e12722a73a198", "Sections": { - ".text": { - "Entropy": 7.01271499061755, - "Virtual Size": "0x9f3d4" - }, ".data": { "Entropy": 6.118785418021721, "Virtual Size": "0x35d10" 
@@ -40930,59 +41853,63 @@ "Entropy": 6.1416406826134775, "Virtual Size": "0x5ba8" }, + ".reloc": { + "Entropy": 4.723910694609307, + "Virtual Size": "0x40dc" + }, ".rsrc": { "Entropy": 3.4718938617640904, "Virtual Size": "0xfce8" }, - ".reloc": { - "Entropy": 4.723910694609307, - "Virtual Size": "0x40dc" + ".text": { + "Entropy": 7.01271499061755, + "Virtual Size": "0x9f3d4" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2015-07-15 17:04:59", - "ValidTo": "2016-10-15 17:04:59", - "Signature": "1af26ac0cce3928cceeb0ebeb5186b1b289be1caa47cba55a0f5e23afa820ee56142a1f158d8d32c2230c6010fa04ae06caf71b10094107e15e2a73e7d6ab6ee827ab9a2dd386dfe2693fcf0e1a88ac736f48f2944a8214bda510dfc68ccbf0fc6c4f0f39036edd3f08e1449b129d7f611b7e5d6b60a97f63530ed8381a11fc8b95beb7fbc45258d4eb767a911095a27d17f613665f70600b30b88091015722e8a64fb43d975f92890d80b545e38317279e44a7071a104715796dd91d0b913c2ec106073f696a236d71979da345d469eac38e7492ac88f7ecdff68180d2dd57051d79a46b2f6ed2c810d6bd51521c3fda183dd8599f282561255ef8bde0f8ed8", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "33000000a6206efff45e063a190000000000a6", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "57c30a2d7e6573994b137079cbff34b8", "SHA1": "08980baa201ccbfc096accff568fb2b073da66f4", "SHA256": "19241716f05046843df5ff3c02395bf6e2ed68ad52d441a71a2edcd24ac93056" - } + }, + "ValidFrom": "2015-07-15 17:04:59", + "ValidTo": "2016-10-15 17:04:59", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - 
"ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "33000000a6206efff45e063a190000000000a6", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000a6206efff45e063a190000000000a6", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -41036,7 +41963,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -41106,7 +42035,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "BOOTX64.EFI", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -41176,7 +42107,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -41241,7 +42174,9 @@ "FileVersion": "6.3.9600.17211 (winblue_gdr.140613-1709)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "c9b413ac0a31f9eb0a141e05654d1d52", "MachineType": "THUMB", 
@@ -41259,10 +42194,6 @@ "SHA1": "70f682f3c63a4a1121c3c9afa78934aa2412c049", "SHA256": "ac22c4ad2e62a3a8369a311b69e9b3dd558359cb44de8115e6bef2ae5e5e7151", "Sections": { - ".text": { - "Entropy": 7.052788904216757, - "Virtual Size": "0x9ccf4" - }, ".data": { "Entropy": 6.116187398286086, "Virtual Size": "0x35d10" 
@@ -41271,59 +42202,63 @@ "Entropy": 6.136093204344787, "Virtual Size": "0x5b50" }, + ".reloc": { + "Entropy": 4.731539389747102, + "Virtual Size": "0x409c" + }, ".rsrc": { "Entropy": 3.4716290018327003, "Virtual Size": "0xfce8" }, - ".reloc": { - "Entropy": 4.731539389747102, - "Virtual Size": "0x409c" + ".text": { + "Entropy": 7.052788904216757, + "Virtual Size": "0x9ccf4" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2013-04-10 20:41:53", - "ValidTo": "2014-07-10 20:41:53", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "2e3f888fadd3d8d498f3237752c18df9", "SHA1": "4f3c14facbfca2505dddb77d8b8bfe71abb1d2ed", "SHA256": "574085e964e5d1fc9d71150ef08a0e08779e1919f28d75a19dad15f69571c8f6" - } + }, + "ValidFrom": "2013-04-10 20:41:53", + "ValidTo": "2014-07-10 20:41:53", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", "Version": 1 } - ] + ], + 
"SignerInfo": "" } ] } @@ -41386,7 +42321,9 @@ "FileVersion": "", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "07349cf7c406343bb9a9a9d9eec50790", "MachineType": "AMD64", 
@@ -41404,87 +42341,87 @@ "SHA1": "12f8b7152bf718ee95d9d9a8ebd50c1a8fbb9621", "SHA256": "ef43b4b4a755494b10b7431527aead697feab6fa48cf4684cca4fb5b8cd09035", "Sections": { - "/4": { - "Entropy": 4.827964610163725, - "Virtual Size": "0x1e8a8" + ".data": { + "Entropy": 4.411854121188843, + "Virtual Size": "0x2bad8" }, - ".text": { - "Entropy": 5.620340849167797, - "Virtual Size": "0x9a9c0" + ".dynamic": { + "Entropy": 0.7957307370557809, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2112511396406864, + "Virtual Size": "0x10008" + }, + ".rela": { + "Entropy": 2.651762139832741, + "Virtual Size": "0x1c3b0" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.620340849167797, + "Virtual Size": "0x9a9c0" + }, "/14": { "Entropy": 5.337170840865167, "Virtual Size": "0xd7" }, - ".data": { - "Entropy": 4.411854121188843, - "Virtual Size": "0x2bad8" - }, "/26": { "Entropy": 7.32428121292217, "Virtual Size": "0x3e0" }, - ".dynamic": { - "Entropy": 0.7957307370557809, - "Virtual Size": "0xf0" - }, - ".rela": { - "Entropy": 2.651762139832741, - "Virtual Size": "0x1c3b0" - }, - ".dynsym": { - "Entropy": 3.2112511396406864, - "Virtual Size": "0x10008" + "/4": { + "Entropy": 4.827964610163725, + "Virtual Size": "0x1e8a8" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2016-11-17 22:05:37", - "ValidTo": "2018-02-17 22:05:37", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000001e0d8474951a966ce400010000001e", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft 
Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "b6f099bf203668f11a8f79ab08792ed8", "SHA1": "4713755a345940554eada6042e90b0151591fad6", "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" - } + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000001e0d8474951a966ce400010000001e", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -41538,7 +42475,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -41608,7 +42547,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -41671,7 +42612,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -41734,7 +42677,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -41806,7 +42751,9 @@ "FileVersion": "", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "fbec641d8564e4e48784b2b07dd9c196", "MachineType": "AMD64", @@ -41824,18 +42771,6 @@ "SHA1": "7ac5c5314da05d3a6e69e4213b9479a62d6f411b", "SHA256": "ee39a9a3fbde8b15ce4ac34519e248ea746a52ae0ae680da5b0c7ef919e583a3", "Sections": { - "/4": { - "Entropy": 4.829624557782118, - "Virtual Size": "0x17460" - }, - ".text": { - "Entropy": 5.6400279515127, - "Virtual Size": "0xaa1d1" - }, - ".reloc": { - "Entropy": 1.7709505944546688, - "Virtual Size": "0xa" - }, ".data": { "Entropy": 4.774275035620183, "Virtual Size": "0x310c8" 
@@ -41844,59 +42779,71 @@ "Entropy": 1.0259041624373757, "Virtual Size": "0x130" }, + ".dynsym": { + "Entropy": 3.2093022589915736, + "Virtual Size": "0xf1f8" + }, ".rela": { "Entropy": 2.622559703225293, "Virtual Size": "0x2af90" }, - ".dynsym": { - "Entropy": 3.2093022589915736, - "Virtual Size": "0xf1f8" + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.6400279515127, + "Virtual Size": "0xaa1d1" + }, + "/4": { + "Entropy": 4.829624557782118, + "Virtual Size": "0x17460" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2012-07-02 22:25:14", - "ValidTo": "2013-10-02 22:25:14", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "33000000081eb17e9c15fc837a000100000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "c5e24205d04c09c94d81b6935af7ec09", "SHA1": "12622dccb5b07edfd65cae6fc018e24b80ff2c82", "SHA256": "d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507" - } + }, + "ValidFrom": "2012-07-02 22:25:14", + "ValidTo": "2013-10-02 22:25:14", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + 
"Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "33000000081eb17e9c15fc837a000100000008", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -41950,7 +42897,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -42020,7 +42969,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -42083,7 +43034,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootarm.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -42146,7 +43099,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -42209,7 +43164,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -42279,7 +43236,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -42342,7 +43301,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -42412,7 +43373,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -42475,7 +43438,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -42540,7 +43505,9 @@ "FileVersion": "6.2.9200.16384 (win8_rtm.120725-1247)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "5cdb3b41abea2f625c0a632f4ad2cddb", "MachineType": "AMD64", @@ -42558,22 +43525,6 @@ "SHA1": "68041e64a6a90537c6f7d7c6c1b07ccee8fd92a3", "SHA256": "4f9398592553ee138d8db48b95789eca19324b8408cafd0f0bc46d030e7b4fd4", "Sections": { - ".text": { - "Entropy": 6.493057126933711, - "Virtual Size": "0x118fad" - }, - "PAGER32C": { - "Entropy": 6.357894622079484, - "Virtual Size": "0x3d48" - }, - "PAGE": { - "Entropy": 6.4874876888292405, - "Virtual Size": "0x1866" - }, - ".rdata": { - "Entropy": 5.511405489245561, - "Virtual Size": "0x1a634" - }, ".data": { "Entropy": 4.622775810912131, "Virtual Size": "0x63d70" 
@@ -42582,63 +43533,79 @@ "Entropy": 6.061698645716401, "Virtual Size": "0x9ce4" }, - "PAGER32R": { - "Entropy": 7.631412897966042, - "Virtual Size": "0x380" + ".rdata": { + "Entropy": 5.511405489245561, + "Virtual Size": "0x1a634" + }, + ".reloc": { + "Entropy": 2.6555924696632576, + "Virtual Size": "0x1b5e" }, ".rsrc": { "Entropy": 3.4708865359751586, "Virtual Size": "0xfcf4" }, - ".reloc": { - "Entropy": 2.6555924696632576, - "Virtual Size": "0x1b5e" + ".text": { + "Entropy": 6.493057126933711, + "Virtual Size": "0x118fad" + }, + "PAGE": { + "Entropy": 6.4874876888292405, + "Virtual Size": "0x1866" + }, + "PAGER32C": { + "Entropy": 6.357894622079484, + "Virtual Size": "0x3d48" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2012-04-09 20:55:50", - "ValidTo": "2013-07-09 20:55:50", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "610bbbd8000000000005", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "158438012e4dcd69b27b762c9358cfa2", "SHA1": "684ac167849404a4101f166b759f291a43d5f749", "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" - } + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": 
"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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "610bbbd8000000000005", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } 
@@ -42699,7 +43666,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "rhel-8.3-20200917-shimia32.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -42769,7 +43738,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -42832,7 +43803,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootx64.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -42902,7 +43875,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -42972,7 +43947,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "shim64-bit.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -43042,7 +44019,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -43112,7 +44091,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -43175,7 +44156,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -43245,7 +44228,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -43317,7 +44302,9 @@ "FileVersion": "", "Filename": "Signed_13652009334930799/shim64-bit.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "8572a7c437a9bc92225906ce5fc04497", "MachineType": "AMD64", 
@@ -43335,87 +44322,87 @@ "SHA1": "6d2ce22514e2dffca0e31eedd4804280f8c37e4c", "SHA256": "cc5c7db3068d99d6271fb38ab15b78c633c92249c4d783db0cdae2b918e97969", "Sections": { - "/4": { - "Entropy": 4.854473006421037, - "Virtual Size": "0x1f020" + ".data": { + "Entropy": 4.407892310209117, + "Virtual Size": "0x2d1f8" }, - ".text": { - "Entropy": 5.637088505235519, - "Virtual Size": "0x9ffd5" + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".dynsym": { + "Entropy": 3.21087140465499, + "Virtual Size": "0xf2e8" + }, + ".rela": { + "Entropy": 2.6590153947439474, + "Virtual Size": "0x1c6c8" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.637088505235519, + "Virtual Size": "0x9ffd5" + }, "/14": { "Entropy": 5.064013199597692, "Virtual Size": "0x69" }, - ".data": { - "Entropy": 4.407892310209117, - "Virtual Size": "0x2d1f8" - }, "/26": { "Entropy": 7.405693653367437, "Virtual Size": "0x3b3" }, - ".dynamic": { - "Entropy": 0.8630797231656377, - "Virtual Size": "0x100" - }, - ".rela": { - "Entropy": 2.6590153947439474, - "Virtual Size": "0x1c6c8" - }, - ".dynsym": { - "Entropy": 3.21087140465499, - "Virtual Size": "0xf2e8" + "/4": { + "Entropy": 4.854473006421037, + "Virtual Size": "0x1f020" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2018-07-03 20:53:01", - "ValidTo": "2019-07-26 20:53:01", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002b4b79b3694d12118700010000002b", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft 
Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "8d8a1f204c9c80213bd427fa58b387e2", "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" - } + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", 
"SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -43476,7 +44463,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -43539,7 +44528,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -43602,7 +44593,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -43672,7 +44665,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -43742,7 +44737,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -43812,7 +44809,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -43882,7 +44881,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -43945,7 +44946,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -44008,7 +45011,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -44071,7 +45076,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -44141,7 +45148,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -44204,7 +45213,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -44267,7 +45278,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -44330,7 +45343,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -44393,7 +45408,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -44463,7 +45480,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "rhel-7.9-shim-20200726-shim64-bit.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -44528,7 +45547,9 @@ "FileVersion": "6.2.9200.16391 (win8_gdr.120803-1608)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "de3db6ac5d9d0d31d8668a74bc3332df", "MachineType": "I386", 
@@ -44546,83 +45567,83 @@ "SHA1": "b2851fbbc75273998a8dd1aabed09efa961c050f", "SHA256": "1604f70608f964d1a835c3f3a421e58e449774f0291ff134ac298364e8e3f776", "Sections": { + ".data": { + "Entropy": 5.324535468894605, + "Virtual Size": "0x54bf0" + }, + ".rdata": { + "Entropy": 5.359200628389931, + "Virtual Size": "0x122aa" + }, + ".reloc": { + "Entropy": 6.124520370323963, + "Virtual Size": "0x61b0" + }, + ".rsrc": { + "Entropy": 3.470885485377943, + "Virtual Size": "0xfcf4" + }, ".text": { "Entropy": 6.642283438119681, "Virtual Size": "0xdd276" }, - "PAGER32C": { - "Entropy": 6.57198166568606, - "Virtual Size": "0x4805" - }, "PAGE": { "Entropy": 6.499448286436215, "Virtual Size": "0x12ab" }, - ".rdata": { - "Entropy": 5.359200628389931, - "Virtual Size": "0x122aa" - }, - ".data": { - "Entropy": 5.324535468894605, - "Virtual Size": "0x54bf0" + "PAGER32C": { + "Entropy": 6.57198166568606, + "Virtual Size": "0x4805" }, "PAGER32R": { "Entropy": 7.631412897966042, "Virtual Size": "0x380" - }, - ".rsrc": { - "Entropy": 3.470885485377943, - "Virtual Size": "0xfcf4" - }, - ".reloc": { - "Entropy": 6.124520370323963, - "Virtual Size": "0x61b0" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2012-04-09 20:55:50", - "ValidTo": "2013-07-09 20:55:50", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "610bbbd8000000000005", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "158438012e4dcd69b27b762c9358cfa2", "SHA1": "684ac167849404a4101f166b759f291a43d5f749", "SHA256": 
"95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" - } + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "610bbbd8000000000005", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -44683,7 +45704,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit", @@ -44746,7 +45769,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", 
@@ -44811,7 +45836,9 @@ "FileVersion": "6.2.9200.16384 (win8_rtm.120725-1247)", "Filename": "bootmgfw.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "bootmgr.exe", "MD5": "bc78920fd9f058973d63495f36203685", "MachineType": "I386", 
@@ -44829,83 +45856,83 @@ "SHA1": "edbde6908eebb8bd3197c1634769213b22e0b1b3", "SHA256": "db9643f6d78c6c5bdc29b041660174324639be8b3bc6e247c8c2026e68c4e618", "Sections": { + ".data": { + "Entropy": 5.324535468894605, + "Virtual Size": "0x54bf0" + }, + ".rdata": { + "Entropy": 5.358873830747045, + "Virtual Size": "0x122b0" + }, + ".reloc": { + "Entropy": 6.124520370323963, + "Virtual Size": "0x61b0" + }, + ".rsrc": { + "Entropy": 3.470569475120354, + "Virtual Size": "0xfcf4" + }, ".text": { "Entropy": 6.642283438119681, "Virtual Size": "0xdd276" }, - "PAGER32C": { - "Entropy": 6.57198166568606, - "Virtual Size": "0x4805" - }, "PAGE": { "Entropy": 6.499448286436215, "Virtual Size": "0x12ab" }, - ".rdata": { - "Entropy": 5.358873830747045, - "Virtual Size": "0x122b0" - }, - ".data": { - "Entropy": 5.324535468894605, - "Virtual Size": "0x54bf0" + "PAGER32C": { + "Entropy": 6.57198166568606, + "Virtual Size": "0x4805" }, "PAGER32R": { "Entropy": 7.631412897966042, "Virtual Size": "0x380" - }, - ".rsrc": { - "Entropy": 3.470569475120354, - "Virtual Size": "0xfcf4" - }, - ".reloc": { - "Entropy": 6.124520370323963, - "Virtual Size": "0x61b0" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", - "ValidFrom": "2012-04-09 20:55:50", - "ValidTo": "2013-07-09 20:55:50", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "610bbbd8000000000005", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", "TBS": { "MD5": "158438012e4dcd69b27b762c9358cfa2", "SHA1": "684ac167849404a4101f166b759f291a43d5f749", "SHA256": 
"95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" - } + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", - "ValidFrom": "2011-10-19 18:41:42", - "ValidTo": "2026-10-19 18:51:42", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, "SerialNumber": "61077656000000000008", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", "TBS": { "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" - } + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "610bbbd8000000000005", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -44968,7 +45995,9 @@ "FileVersion": "", "Filename": "bootx64.efi", "ImportedFunctions": "", - "Imports": [], + "Imports": [ + "" + ], "InternalName": "", "MD5": "f38a930c417139cd5ccfe3ff2277b4c7", "MachineType": "AMD64", 
@@ -44986,87 +46015,87 @@ "SHA1": "b304b38b615184a936502bfb705bf254ab41ee32", "SHA256": "c4b5797189521611b809720ed9c4734f1dec8a2ee2597781ffe438f652a58ce5", "Sections": { - "/4": { - "Entropy": 4.860485674278351, - "Virtual Size": "0x18788" + ".data": { + "Entropy": 4.54595045365008, + "Virtual Size": "0x2b138" }, - ".text": { - "Entropy": 5.6443502666559935, - "Virtual Size": "0x959be" + ".dynamic": { + "Entropy": 0.7842520391300999, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2037054998928167, + "Virtual Size": "0xdd10" + }, + ".rela": { + "Entropy": 2.649841454143249, + "Virtual Size": "0x1b0d8" }, ".reloc": { "Entropy": 1.7709505944546688, "Virtual Size": "0xa" }, + ".text": { + "Entropy": 5.6443502666559935, + "Virtual Size": "0x959be" + }, "/14": { "Entropy": 4.934638497318441, "Virtual Size": "0x64" }, - ".data": { - "Entropy": 4.54595045365008, - "Virtual Size": "0x2b138" - }, "/26": { "Entropy": 7.306150252866006, "Virtual Size": "0x414" }, - ".dynamic": { - "Entropy": 0.7842520391300999, - "Virtual Size": "0xf0" - }, - ".rela": { - "Entropy": 2.649841454143249, - "Virtual Size": "0x1b0d8" - }, - ".dynsym": { - "Entropy": 3.2037054998928167, - "Virtual Size": "0xdd10" + "/4": { + "Entropy": 4.860485674278351, + "Virtual Size": "0x18788" } }, "Signature": "", "Signatures": [ { - "CertificatesInfo": "", - "SignerInfo": "", "Certificates": [ { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", - "ValidFrom": "2018-07-03 20:53:01", - "ValidTo": "2019-07-26 20:53:01", - "Signature": 
"54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": false, "SerialNumber": "330000002b4b79b3694d12118700010000002b", - "Version": 3, + "Signature": "54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", "TBS": { "MD5": "8d8a1f204c9c80213bd427fa58b387e2", "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" - } + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 }, { - "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", - "ValidFrom": "2011-06-27 21:22:45", - "ValidTo": "2026-06-27 21:32:45", - "Signature": "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", - "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", "IsCertificateAuthority": true, 
"SerialNumber": "6108d3c4000000000004", - "Version": 3, + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", "TBS": { "MD5": "1f23e75a000f0b6db92650dc26ac98e1", "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" - } + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 } ], + "CertificatesInfo": "", "Signer": [ { - "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", "Version": 1 } - ] + ], + "SignerInfo": "" } ] } @@ -45120,7 +46149,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", @@ -45183,7 +46214,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -45246,7 +46279,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "64-bit", @@ -45309,7 +46344,9 @@ "ExportedFunctions": "", "FileVersion": "", "Filename": "bootmgfw.efi", - "Imports": "", + "Imports": [ + "" + ], "InternalName": "", "MD5": "", "MachineType": "32-bit ARM", diff --git a/bootloaders.io/content/bootloaders/0072a990-7f8a-484c-8727-bd0912dd2ce6.md b/bootloaders.io/content/bootloaders/0072a990-7f8a-484c-8727-bd0912dd2ce6.md index 1ad8c4d..aa8004e 100644 --- a/bootloaders.io/content/bootloaders/0072a990-7f8a-484c-8727-bd0912dd2ce6.md 
+++ b/bootloaders.io/content/bootloaders/0072a990-7f8a-484c-8727-bd0912dd2ce6.md @@ -22,7 +22,7 @@ This was provided by HP Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0072a990-7f8a-484c-8727-bd0912dd2ce6.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0072a990-7f8a-484c-8727-bd0912dd2ce6.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/025ed4ef-d8c6-492b-927f-a1eb484d7b89.md b/bootloaders.io/content/bootloaders/025ed4ef-d8c6-492b-927f-a1eb484d7b89.md index c605859..8d2f36e 100644 --- a/bootloaders.io/content/bootloaders/025ed4ef-d8c6-492b-927f-a1eb484d7b89.md +++ b/bootloaders.io/content/bootloaders/025ed4ef-d8c6-492b-927f-a1eb484d7b89.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/025ed4ef-d8c6-492b-927f-a1eb484d7b89.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/025ed4ef-d8c6-492b-927f-a1eb484d7b89.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/02e8f438-8842-4018-8592-a4fea656bd01.md b/bootloaders.io/content/bootloaders/02e8f438-8842-4018-8592-a4fea656bd01.md index e1e51c6..a3e2069 100644 --- a/bootloaders.io/content/bootloaders/02e8f438-8842-4018-8592-a4fea656bd01.md +++ b/bootloaders.io/content/bootloaders/02e8f438-8842-4018-8592-a4fea656bd01.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/02e8f438-8842-4018-8592-a4fea656bd01.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/02e8f438-8842-4018-8592-a4fea656bd01.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/03fbb84a-9153-4d42-aa08-c26fd8260bd1.md b/bootloaders.io/content/bootloaders/03fbb84a-9153-4d42-aa08-c26fd8260bd1.md index 4ba0fa0..d9a9941 100644 --- a/bootloaders.io/content/bootloaders/03fbb84a-9153-4d42-aa08-c26fd8260bd1.md +++ b/bootloaders.io/content/bootloaders/03fbb84a-9153-4d42-aa08-c26fd8260bd1.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/03fbb84a-9153-4d42-aa08-c26fd8260bd1.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/03fbb84a-9153-4d42-aa08-c26fd8260bd1.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/0486fe15-0d77-4c66-9918-1278ef014f72.md b/bootloaders.io/content/bootloaders/0486fe15-0d77-4c66-9918-1278ef014f72.md index 490cefb..d112276 100644 --- a/bootloaders.io/content/bootloaders/0486fe15-0d77-4c66-9918-1278ef014f72.md +++ b/bootloaders.io/content/bootloaders/0486fe15-0d77-4c66-9918-1278ef014f72.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/c831903e223d70526791119b52eaa4df.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c831903e223d70526791119b52eaa4df.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0486fe15-0d77-4c66-9918-1278ef014f72.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0486fe15-0d77-4c66-9918-1278ef014f72.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/04cb75f3-e10f-4f9c-9f8f-97d4a310922c.md b/bootloaders.io/content/bootloaders/04cb75f3-e10f-4f9c-9f8f-97d4a310922c.md index 865d2ad..2d49657 100644 --- a/bootloaders.io/content/bootloaders/04cb75f3-e10f-4f9c-9f8f-97d4a310922c.md +++ b/bootloaders.io/content/bootloaders/04cb75f3-e10f-4f9c-9f8f-97d4a310922c.md 
@@ -22,7 +22,7 @@ This was provided by Intel Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/04cb75f3-e10f-4f9c-9f8f-97d4a310922c.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/04cb75f3-e10f-4f9c-9f8f-97d4a310922c.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/04eaf4b4-a618-4d2c-8eb1-1e0065c05212.md b/bootloaders.io/content/bootloaders/04eaf4b4-a618-4d2c-8eb1-1e0065c05212.md index 38daf5b..6ee0cec 100644 --- a/bootloaders.io/content/bootloaders/04eaf4b4-a618-4d2c-8eb1-1e0065c05212.md +++ b/bootloaders.io/content/bootloaders/04eaf4b4-a618-4d2c-8eb1-1e0065c05212.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/04eaf4b4-a618-4d2c-8eb1-1e0065c05212.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/04eaf4b4-a618-4d2c-8eb1-1e0065c05212.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/058a1317-f391-4baf-86a8-31ea7b01d6e6.md b/bootloaders.io/content/bootloaders/058a1317-f391-4baf-86a8-31ea7b01d6e6.md index 8eb7e40..9363b17 100644 --- a/bootloaders.io/content/bootloaders/058a1317-f391-4baf-86a8-31ea7b01d6e6.md +++ b/bootloaders.io/content/bootloaders/058a1317-f391-4baf-86a8-31ea7b01d6e6.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/e8b4de749b80b47640ea86b06f56429f.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/e8b4de749b80b47640ea86b06f56429f.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/058a1317-f391-4baf-86a8-31ea7b01d6e6.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/058a1317-f391-4baf-86a8-31ea7b01d6e6.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/05a8e372-5b24-4953-8d25-d6560076f4f4.md b/bootloaders.io/content/bootloaders/05a8e372-5b24-4953-8d25-d6560076f4f4.md index 2191802..e5c319b 100644 --- a/bootloaders.io/content/bootloaders/05a8e372-5b24-4953-8d25-d6560076f4f4.md +++ b/bootloaders.io/content/bootloaders/05a8e372-5b24-4953-8d25-d6560076f4f4.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/05a8e372-5b24-4953-8d25-d6560076f4f4.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/05a8e372-5b24-4953-8d25-d6560076f4f4.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/063ad364-8db5-4bb6-a731-799b970cf900.md b/bootloaders.io/content/bootloaders/063ad364-8db5-4bb6-a731-799b970cf900.md index d6dc3d5..779d59b 100644 --- a/bootloaders.io/content/bootloaders/063ad364-8db5-4bb6-a731-799b970cf900.md +++ b/bootloaders.io/content/bootloaders/063ad364-8db5-4bb6-a731-799b970cf900.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/063ad364-8db5-4bb6-a731-799b970cf900.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/063ad364-8db5-4bb6-a731-799b970cf900.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/064e9fe7-c5dc-4858-9006-e9b1e0e3001b.md b/bootloaders.io/content/bootloaders/064e9fe7-c5dc-4858-9006-e9b1e0e3001b.md index 337bd26..ac31a6e 100644 --- a/bootloaders.io/content/bootloaders/064e9fe7-c5dc-4858-9006-e9b1e0e3001b.md +++ b/bootloaders.io/content/bootloaders/064e9fe7-c5dc-4858-9006-e9b1e0e3001b.md 
@@ -22,7 +22,7 @@ This was provided by BITDEFENDER and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/064e9fe7-c5dc-4858-9006-e9b1e0e3001b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/064e9fe7-c5dc-4858-9006-e9b1e0e3001b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/077ccbb7-5e3d-455d-abbf-317e3ee73abd.md b/bootloaders.io/content/bootloaders/077ccbb7-5e3d-455d-abbf-317e3ee73abd.md index 0d917d1..cc4ab7d 100644 --- a/bootloaders.io/content/bootloaders/077ccbb7-5e3d-455d-abbf-317e3ee73abd.md +++ b/bootloaders.io/content/bootloaders/077ccbb7-5e3d-455d-abbf-317e3ee73abd.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/077ccbb7-5e3d-455d-abbf-317e3ee73abd.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/077ccbb7-5e3d-455d-abbf-317e3ee73abd.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/07ce0c22-0e7a-4f68-91e2-61a9d9cd566f.md b/bootloaders.io/content/bootloaders/07ce0c22-0e7a-4f68-91e2-61a9d9cd566f.md index 8532fb1..c5fac53 100644 --- a/bootloaders.io/content/bootloaders/07ce0c22-0e7a-4f68-91e2-61a9d9cd566f.md +++ b/bootloaders.io/content/bootloaders/07ce0c22-0e7a-4f68-91e2-61a9d9cd566f.md 
@@ -22,7 +22,7 @@ This was provided by Oracle Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/07ce0c22-0e7a-4f68-91e2-61a9d9cd566f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/07ce0c22-0e7a-4f68-91e2-61a9d9cd566f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/07e76cae-6513-4120-b399-3ab5ae5879a5.md b/bootloaders.io/content/bootloaders/07e76cae-6513-4120-b399-3ab5ae5879a5.md index 829dc20..ac60d20 100644 --- a/bootloaders.io/content/bootloaders/07e76cae-6513-4120-b399-3ab5ae5879a5.md +++ b/bootloaders.io/content/bootloaders/07e76cae-6513-4120-b399-3ab5ae5879a5.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/07e76cae-6513-4120-b399-3ab5ae5879a5.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/07e76cae-6513-4120-b399-3ab5ae5879a5.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/09476ffd-a0fd-4510-9e36-a20727c16b8c.md b/bootloaders.io/content/bootloaders/09476ffd-a0fd-4510-9e36-a20727c16b8c.md index 3182f6b..8041cbd 100644 --- a/bootloaders.io/content/bootloaders/09476ffd-a0fd-4510-9e36-a20727c16b8c.md +++ b/bootloaders.io/content/bootloaders/09476ffd-a0fd-4510-9e36-a20727c16b8c.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/09476ffd-a0fd-4510-9e36-a20727c16b8c.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/09476ffd-a0fd-4510-9e36-a20727c16b8c.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/0a9c062b-91a3-44f9-b577-0128708bf124.md b/bootloaders.io/content/bootloaders/0a9c062b-91a3-44f9-b577-0128708bf124.md index 130a6b9..cad2385 100644 --- a/bootloaders.io/content/bootloaders/0a9c062b-91a3-44f9-b577-0128708bf124.md +++ b/bootloaders.io/content/bootloaders/0a9c062b-91a3-44f9-b577-0128708bf124.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/9962f9fb820e5d7f5a31b86b9d164d33.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/9962f9fb820e5d7f5a31b86b9d164d33.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0a9c062b-91a3-44f9-b577-0128708bf124.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0a9c062b-91a3-44f9-b577-0128708bf124.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/0acd4573-d0e2-4f57-8c94-3d6e57a391e7.md b/bootloaders.io/content/bootloaders/0acd4573-d0e2-4f57-8c94-3d6e57a391e7.md index 0ec98a4..a54d4ea 100644 --- a/bootloaders.io/content/bootloaders/0acd4573-d0e2-4f57-8c94-3d6e57a391e7.md +++ b/bootloaders.io/content/bootloaders/0acd4573-d0e2-4f57-8c94-3d6e57a391e7.md 
@@ -22,7 +22,7 @@ This was provided by Canonical Ltd and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0acd4573-d0e2-4f57-8c94-3d6e57a391e7.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0acd4573-d0e2-4f57-8c94-3d6e57a391e7.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4.md b/bootloaders.io/content/bootloaders/0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4.md index 8887115..7b516f9 100644 --- a/bootloaders.io/content/bootloaders/0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4.md +++ b/bootloaders.io/content/bootloaders/0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/0c015961-2a7d-4fc2-99ca-5cfccf2de27f.md b/bootloaders.io/content/bootloaders/0c015961-2a7d-4fc2-99ca-5cfccf2de27f.md index f02b60b..94a4343 100644 --- a/bootloaders.io/content/bootloaders/0c015961-2a7d-4fc2-99ca-5cfccf2de27f.md +++ b/bootloaders.io/content/bootloaders/0c015961-2a7d-4fc2-99ca-5cfccf2de27f.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0c015961-2a7d-4fc2-99ca-5cfccf2de27f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0c015961-2a7d-4fc2-99ca-5cfccf2de27f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/0c0db73b-9d53-4fa1-93fe-cab2b3cabf9f.md b/bootloaders.io/content/bootloaders/0c0db73b-9d53-4fa1-93fe-cab2b3cabf9f.md index 931b792..9a8ccb3 100644 --- a/bootloaders.io/content/bootloaders/0c0db73b-9d53-4fa1-93fe-cab2b3cabf9f.md +++ b/bootloaders.io/content/bootloaders/0c0db73b-9d53-4fa1-93fe-cab2b3cabf9f.md 
@@ -22,7 +22,7 @@ This was provided by vmware and revoked Aug-22 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0c0db73b-9d53-4fa1-93fe-cab2b3cabf9f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0c0db73b-9d53-4fa1-93fe-cab2b3cabf9f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/0c3bd8f7-9926-4763-98d1-7eaf036f7bf1.md b/bootloaders.io/content/bootloaders/0c3bd8f7-9926-4763-98d1-7eaf036f7bf1.md index 1b4a906..6972caa 100644 --- a/bootloaders.io/content/bootloaders/0c3bd8f7-9926-4763-98d1-7eaf036f7bf1.md +++ b/bootloaders.io/content/bootloaders/0c3bd8f7-9926-4763-98d1-7eaf036f7bf1.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0c3bd8f7-9926-4763-98d1-7eaf036f7bf1.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0c3bd8f7-9926-4763-98d1-7eaf036f7bf1.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/0cb9b7da-f228-4e4b-a07c-06346f0d2e47.md b/bootloaders.io/content/bootloaders/0cb9b7da-f228-4e4b-a07c-06346f0d2e47.md index 0181f1c..214a49f 100644 --- a/bootloaders.io/content/bootloaders/0cb9b7da-f228-4e4b-a07c-06346f0d2e47.md +++ b/bootloaders.io/content/bootloaders/0cb9b7da-f228-4e4b-a07c-06346f0d2e47.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0cb9b7da-f228-4e4b-a07c-06346f0d2e47.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0cb9b7da-f228-4e4b-a07c-06346f0d2e47.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/0cbcf08b-1870-478c-bb85-8d12308ec1c2.md b/bootloaders.io/content/bootloaders/0cbcf08b-1870-478c-bb85-8d12308ec1c2.md index c89d4f9..aad9f53 100644 --- a/bootloaders.io/content/bootloaders/0cbcf08b-1870-478c-bb85-8d12308ec1c2.md +++ b/bootloaders.io/content/bootloaders/0cbcf08b-1870-478c-bb85-8d12308ec1c2.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0cbcf08b-1870-478c-bb85-8d12308ec1c2.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0cbcf08b-1870-478c-bb85-8d12308ec1c2.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/0d33abea-51fd-4453-a8a3-150328e8ce21.md b/bootloaders.io/content/bootloaders/0d33abea-51fd-4453-a8a3-150328e8ce21.md index 77a8539..b339c40 100644 --- a/bootloaders.io/content/bootloaders/0d33abea-51fd-4453-a8a3-150328e8ce21.md +++ b/bootloaders.io/content/bootloaders/0d33abea-51fd-4453-a8a3-150328e8ce21.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0d33abea-51fd-4453-a8a3-150328e8ce21.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0d33abea-51fd-4453-a8a3-150328e8ce21.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/0dc82e15-40ab-4a65-bfbe-9c8925d3cdbb.md b/bootloaders.io/content/bootloaders/0dc82e15-40ab-4a65-bfbe-9c8925d3cdbb.md index fcfbe1b..547e718 100644 --- a/bootloaders.io/content/bootloaders/0dc82e15-40ab-4a65-bfbe-9c8925d3cdbb.md +++ b/bootloaders.io/content/bootloaders/0dc82e15-40ab-4a65-bfbe-9c8925d3cdbb.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0dc82e15-40ab-4a65-bfbe-9c8925d3cdbb.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0dc82e15-40ab-4a65-bfbe-9c8925d3cdbb.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/0e0c1a30-7f00-408c-94fc-b8679bfe90ee.md b/bootloaders.io/content/bootloaders/0e0c1a30-7f00-408c-94fc-b8679bfe90ee.md index 344f12f..426fe20 100644 --- a/bootloaders.io/content/bootloaders/0e0c1a30-7f00-408c-94fc-b8679bfe90ee.md +++ b/bootloaders.io/content/bootloaders/0e0c1a30-7f00-408c-94fc-b8679bfe90ee.md 
@@ -22,7 +22,7 @@ This was provided by NTI Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/87ae10260e4ba99762c952c6b1781476.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/87ae10260e4ba99762c952c6b1781476.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0e0c1a30-7f00-408c-94fc-b8679bfe90ee.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0e0c1a30-7f00-408c-94fc-b8679bfe90ee.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/0e305520-6001-4144-893d-b4c38ea47886.md b/bootloaders.io/content/bootloaders/0e305520-6001-4144-893d-b4c38ea47886.md index 7435fb9..b801625 100644 --- a/bootloaders.io/content/bootloaders/0e305520-6001-4144-893d-b4c38ea47886.md +++ b/bootloaders.io/content/bootloaders/0e305520-6001-4144-893d-b4c38ea47886.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0e305520-6001-4144-893d-b4c38ea47886.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0e305520-6001-4144-893d-b4c38ea47886.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/0e36a4f3-efab-453c-b6db-fe4f613b79d8.md b/bootloaders.io/content/bootloaders/0e36a4f3-efab-453c-b6db-fe4f613b79d8.md index e28dc22..087be64 100644 --- a/bootloaders.io/content/bootloaders/0e36a4f3-efab-453c-b6db-fe4f613b79d8.md +++ b/bootloaders.io/content/bootloaders/0e36a4f3-efab-453c-b6db-fe4f613b79d8.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/c9b413ac0a31f9eb0a141e05654d1d52.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c9b413ac0a31f9eb0a141e05654d1d52.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0e36a4f3-efab-453c-b6db-fe4f613b79d8.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0e36a4f3-efab-453c-b6db-fe4f613b79d8.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/0e46bd88-7635-4162-a02e-85d9bd33be3a.md b/bootloaders.io/content/bootloaders/0e46bd88-7635-4162-a02e-85d9bd33be3a.md index 39a802a..0724a4a 100644 --- a/bootloaders.io/content/bootloaders/0e46bd88-7635-4162-a02e-85d9bd33be3a.md +++ b/bootloaders.io/content/bootloaders/0e46bd88-7635-4162-a02e-85d9bd33be3a.md 
@@ -22,7 +22,7 @@ This was provided by CPSD and revoked Aug-22 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0e46bd88-7635-4162-a02e-85d9bd33be3a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0e46bd88-7635-4162-a02e-85d9bd33be3a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/0ecce400-dd9c-4291-9502-c8682a4474a4.md b/bootloaders.io/content/bootloaders/0ecce400-dd9c-4291-9502-c8682a4474a4.md index 9fd3bf2..bc02776 100644 --- a/bootloaders.io/content/bootloaders/0ecce400-dd9c-4291-9502-c8682a4474a4.md +++ b/bootloaders.io/content/bootloaders/0ecce400-dd9c-4291-9502-c8682a4474a4.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0ecce400-dd9c-4291-9502-c8682a4474a4.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0ecce400-dd9c-4291-9502-c8682a4474a4.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/0f3431ba-2b83-4020-b3ff-32eadbcb7205.md b/bootloaders.io/content/bootloaders/0f3431ba-2b83-4020-b3ff-32eadbcb7205.md index 542113d..e736164 100644 --- a/bootloaders.io/content/bootloaders/0f3431ba-2b83-4020-b3ff-32eadbcb7205.md +++ b/bootloaders.io/content/bootloaders/0f3431ba-2b83-4020-b3ff-32eadbcb7205.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0f3431ba-2b83-4020-b3ff-32eadbcb7205.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0f3431ba-2b83-4020-b3ff-32eadbcb7205.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/0f4b6460-f81b-4770-8dfb-55224983a557.md b/bootloaders.io/content/bootloaders/0f4b6460-f81b-4770-8dfb-55224983a557.md index 7ad0770..ae2118a 100644 --- a/bootloaders.io/content/bootloaders/0f4b6460-f81b-4770-8dfb-55224983a557.md +++ b/bootloaders.io/content/bootloaders/0f4b6460-f81b-4770-8dfb-55224983a557.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0f4b6460-f81b-4770-8dfb-55224983a557.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0f4b6460-f81b-4770-8dfb-55224983a557.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/0fe6f9a2-7b13-4c27-bf9a-412d9acf533f.md b/bootloaders.io/content/bootloaders/0fe6f9a2-7b13-4c27-bf9a-412d9acf533f.md index dbda75f..e99e51a 100644 --- a/bootloaders.io/content/bootloaders/0fe6f9a2-7b13-4c27-bf9a-412d9acf533f.md +++ b/bootloaders.io/content/bootloaders/0fe6f9a2-7b13-4c27-bf9a-412d9acf533f.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/0fe6f9a2-7b13-4c27-bf9a-412d9acf533f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0fe6f9a2-7b13-4c27-bf9a-412d9acf533f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/10baff75-83cd-4786-ac2b-ade269c71421.md b/bootloaders.io/content/bootloaders/10baff75-83cd-4786-ac2b-ade269c71421.md index 49025df..9d53923 100644 --- a/bootloaders.io/content/bootloaders/10baff75-83cd-4786-ac2b-ade269c71421.md +++ b/bootloaders.io/content/bootloaders/10baff75-83cd-4786-ac2b-ade269c71421.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/10baff75-83cd-4786-ac2b-ade269c71421.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/10baff75-83cd-4786-ac2b-ade269c71421.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/116c526f-a50d-4f84-b577-d52dbbde526b.md b/bootloaders.io/content/bootloaders/116c526f-a50d-4f84-b577-d52dbbde526b.md index 2a4b63b..b045b2f 100644 --- a/bootloaders.io/content/bootloaders/116c526f-a50d-4f84-b577-d52dbbde526b.md +++ b/bootloaders.io/content/bootloaders/116c526f-a50d-4f84-b577-d52dbbde526b.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/116c526f-a50d-4f84-b577-d52dbbde526b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/116c526f-a50d-4f84-b577-d52dbbde526b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/11dd8dba-8b90-413b-b2eb-bdb05f573d2b.md b/bootloaders.io/content/bootloaders/11dd8dba-8b90-413b-b2eb-bdb05f573d2b.md index fab22f2..d684caf 100644 --- a/bootloaders.io/content/bootloaders/11dd8dba-8b90-413b-b2eb-bdb05f573d2b.md +++ b/bootloaders.io/content/bootloaders/11dd8dba-8b90-413b-b2eb-bdb05f573d2b.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/bc78920fd9f058973d63495f36203685.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/bc78920fd9f058973d63495f36203685.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/11dd8dba-8b90-413b-b2eb-bdb05f573d2b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/11dd8dba-8b90-413b-b2eb-bdb05f573d2b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/120f5dbe-0a55-4b54-a42f-e51cb54f75c4.md b/bootloaders.io/content/bootloaders/120f5dbe-0a55-4b54-a42f-e51cb54f75c4.md index 66279c8..16b0a2b 100644 --- a/bootloaders.io/content/bootloaders/120f5dbe-0a55-4b54-a42f-e51cb54f75c4.md +++ b/bootloaders.io/content/bootloaders/120f5dbe-0a55-4b54-a42f-e51cb54f75c4.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/120f5dbe-0a55-4b54-a42f-e51cb54f75c4.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/120f5dbe-0a55-4b54-a42f-e51cb54f75c4.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/1387dafb-6dad-48b4-a186-98e52cac74b7.md b/bootloaders.io/content/bootloaders/1387dafb-6dad-48b4-a186-98e52cac74b7.md index eadf23c..f04cbc9 100644 --- a/bootloaders.io/content/bootloaders/1387dafb-6dad-48b4-a186-98e52cac74b7.md +++ b/bootloaders.io/content/bootloaders/1387dafb-6dad-48b4-a186-98e52cac74b7.md 
@@ -22,7 +22,7 @@ This was provided by Intel Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/36218d733c0afdd2d6dce6f616335a2f.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/36218d733c0afdd2d6dce6f616335a2f.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/1387dafb-6dad-48b4-a186-98e52cac74b7.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/1387dafb-6dad-48b4-a186-98e52cac74b7.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/13ef8a27-3274-4d3d-831f-36b30bc88627.md b/bootloaders.io/content/bootloaders/13ef8a27-3274-4d3d-831f-36b30bc88627.md index 0a66cc7..74b0920 100644 --- a/bootloaders.io/content/bootloaders/13ef8a27-3274-4d3d-831f-36b30bc88627.md +++ b/bootloaders.io/content/bootloaders/13ef8a27-3274-4d3d-831f-36b30bc88627.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/13ef8a27-3274-4d3d-831f-36b30bc88627.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/13ef8a27-3274-4d3d-831f-36b30bc88627.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/1456951c-e037-4508-a34f-5a6ff0065521.md b/bootloaders.io/content/bootloaders/1456951c-e037-4508-a34f-5a6ff0065521.md index 553b9f9..0fd6009 100644 --- a/bootloaders.io/content/bootloaders/1456951c-e037-4508-a34f-5a6ff0065521.md +++ b/bootloaders.io/content/bootloaders/1456951c-e037-4508-a34f-5a6ff0065521.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/89c04150c5f5b596236e04ccf5ef6a2f.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/89c04150c5f5b596236e04ccf5ef6a2f.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/1456951c-e037-4508-a34f-5a6ff0065521.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/1456951c-e037-4508-a34f-5a6ff0065521.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/1457ea3c-21cc-46d1-adf3-606e98b3938b.md b/bootloaders.io/content/bootloaders/1457ea3c-21cc-46d1-adf3-606e98b3938b.md index 0d59c63..0990127 100644 --- a/bootloaders.io/content/bootloaders/1457ea3c-21cc-46d1-adf3-606e98b3938b.md +++ b/bootloaders.io/content/bootloaders/1457ea3c-21cc-46d1-adf3-606e98b3938b.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/1457ea3c-21cc-46d1-adf3-606e98b3938b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/1457ea3c-21cc-46d1-adf3-606e98b3938b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/146ba6ae-683a-4c91-b076-c267a77bbd47.md b/bootloaders.io/content/bootloaders/146ba6ae-683a-4c91-b076-c267a77bbd47.md index 549cc34..993cfe3 100644 --- a/bootloaders.io/content/bootloaders/146ba6ae-683a-4c91-b076-c267a77bbd47.md +++ b/bootloaders.io/content/bootloaders/146ba6ae-683a-4c91-b076-c267a77bbd47.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/146ba6ae-683a-4c91-b076-c267a77bbd47.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/146ba6ae-683a-4c91-b076-c267a77bbd47.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/15ca73cc-0098-429e-8191-5df17cae28aa.md b/bootloaders.io/content/bootloaders/15ca73cc-0098-429e-8191-5df17cae28aa.md index d21dded..33d5d88 100644 --- a/bootloaders.io/content/bootloaders/15ca73cc-0098-429e-8191-5df17cae28aa.md +++ b/bootloaders.io/content/bootloaders/15ca73cc-0098-429e-8191-5df17cae28aa.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/15ca73cc-0098-429e-8191-5df17cae28aa.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/15ca73cc-0098-429e-8191-5df17cae28aa.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/160959a3-8cac-43f9-a0d1-1c108375fb95.md b/bootloaders.io/content/bootloaders/160959a3-8cac-43f9-a0d1-1c108375fb95.md index e12aed3..2c0f6b4 100644 --- a/bootloaders.io/content/bootloaders/160959a3-8cac-43f9-a0d1-1c108375fb95.md +++ b/bootloaders.io/content/bootloaders/160959a3-8cac-43f9-a0d1-1c108375fb95.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/160959a3-8cac-43f9-a0d1-1c108375fb95.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/160959a3-8cac-43f9-a0d1-1c108375fb95.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/163602d8-2ce1-4c1a-9101-568c50a6f887.md b/bootloaders.io/content/bootloaders/163602d8-2ce1-4c1a-9101-568c50a6f887.md index b9dbdcd..54198dc 100644 --- a/bootloaders.io/content/bootloaders/163602d8-2ce1-4c1a-9101-568c50a6f887.md +++ b/bootloaders.io/content/bootloaders/163602d8-2ce1-4c1a-9101-568c50a6f887.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/c815c638cba6bdc82a6b4f72204ed252.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c815c638cba6bdc82a6b4f72204ed252.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/163602d8-2ce1-4c1a-9101-568c50a6f887.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/163602d8-2ce1-4c1a-9101-568c50a6f887.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/163d69a7-be4d-47bf-ba9b-ad2e76271175.md b/bootloaders.io/content/bootloaders/163d69a7-be4d-47bf-ba9b-ad2e76271175.md index bec2c4d..c8abbc2 100644 --- a/bootloaders.io/content/bootloaders/163d69a7-be4d-47bf-ba9b-ad2e76271175.md +++ b/bootloaders.io/content/bootloaders/163d69a7-be4d-47bf-ba9b-ad2e76271175.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/163d69a7-be4d-47bf-ba9b-ad2e76271175.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/163d69a7-be4d-47bf-ba9b-ad2e76271175.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/164bcf0f-91a1-4754-9c4d-f2c1b90aea06.md b/bootloaders.io/content/bootloaders/164bcf0f-91a1-4754-9c4d-f2c1b90aea06.md index 16b0ddf..94dcf36 100644 --- a/bootloaders.io/content/bootloaders/164bcf0f-91a1-4754-9c4d-f2c1b90aea06.md +++ b/bootloaders.io/content/bootloaders/164bcf0f-91a1-4754-9c4d-f2c1b90aea06.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/164bcf0f-91a1-4754-9c4d-f2c1b90aea06.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/164bcf0f-91a1-4754-9c4d-f2c1b90aea06.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/18b807f0-bafd-4f25-8f7d-e2ff15fb5691.md b/bootloaders.io/content/bootloaders/18b807f0-bafd-4f25-8f7d-e2ff15fb5691.md index 91cba08..fbe9ae3 100644 --- a/bootloaders.io/content/bootloaders/18b807f0-bafd-4f25-8f7d-e2ff15fb5691.md +++ b/bootloaders.io/content/bootloaders/18b807f0-bafd-4f25-8f7d-e2ff15fb5691.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/c86257e19730c49e2abfbdf19e322c49.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c86257e19730c49e2abfbdf19e322c49.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/18b807f0-bafd-4f25-8f7d-e2ff15fb5691.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/18b807f0-bafd-4f25-8f7d-e2ff15fb5691.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/191557da-f224-48bb-b027-94534c5637ae.md b/bootloaders.io/content/bootloaders/191557da-f224-48bb-b027-94534c5637ae.md index 9c641ec..96ea4a6 100644 --- a/bootloaders.io/content/bootloaders/191557da-f224-48bb-b027-94534c5637ae.md +++ b/bootloaders.io/content/bootloaders/191557da-f224-48bb-b027-94534c5637ae.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/191557da-f224-48bb-b027-94534c5637ae.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/191557da-f224-48bb-b027-94534c5637ae.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/1a268d88-47d0-4204-ade4-ed6e4ef6028e.md b/bootloaders.io/content/bootloaders/1a268d88-47d0-4204-ade4-ed6e4ef6028e.md index 4097985..64e8594 100644 --- a/bootloaders.io/content/bootloaders/1a268d88-47d0-4204-ade4-ed6e4ef6028e.md +++ b/bootloaders.io/content/bootloaders/1a268d88-47d0-4204-ade4-ed6e4ef6028e.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/1a268d88-47d0-4204-ade4-ed6e4ef6028e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/1a268d88-47d0-4204-ade4-ed6e4ef6028e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/1ab3d6b3-7bd1-477e-8127-a2be4b9a7636.md b/bootloaders.io/content/bootloaders/1ab3d6b3-7bd1-477e-8127-a2be4b9a7636.md index ba50fe3..c69d476 100644 --- a/bootloaders.io/content/bootloaders/1ab3d6b3-7bd1-477e-8127-a2be4b9a7636.md +++ b/bootloaders.io/content/bootloaders/1ab3d6b3-7bd1-477e-8127-a2be4b9a7636.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/9618221803e2befd17607ef2d957442f.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/9618221803e2befd17607ef2d957442f.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/1ab3d6b3-7bd1-477e-8127-a2be4b9a7636.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/1ab3d6b3-7bd1-477e-8127-a2be4b9a7636.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/1b134b19-47f4-4bfd-af37-40c05933168f.md b/bootloaders.io/content/bootloaders/1b134b19-47f4-4bfd-af37-40c05933168f.md index d9d74b0..d388e87 100644 --- a/bootloaders.io/content/bootloaders/1b134b19-47f4-4bfd-af37-40c05933168f.md +++ b/bootloaders.io/content/bootloaders/1b134b19-47f4-4bfd-af37-40c05933168f.md 
@@ -22,7 +22,7 @@ This was provided by Canonical and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/f383b5c1f0cb8806742c8df990bc7803.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/f383b5c1f0cb8806742c8df990bc7803.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -116,10 +116,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -139,7 +141,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/1b134b19-47f4-4bfd-af37-40c05933168f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/1b134b19-47f4-4bfd-af37-40c05933168f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/1ca07dec-812e-46a2-ada4-141584aa0c12.md b/bootloaders.io/content/bootloaders/1ca07dec-812e-46a2-ada4-141584aa0c12.md index ed1c47b..2f2bd54 100644 --- a/bootloaders.io/content/bootloaders/1ca07dec-812e-46a2-ada4-141584aa0c12.md +++ b/bootloaders.io/content/bootloaders/1ca07dec-812e-46a2-ada4-141584aa0c12.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/1ca07dec-812e-46a2-ada4-141584aa0c12.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/1ca07dec-812e-46a2-ada4-141584aa0c12.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/1d193967-c24f-46c5-83ae-4bf1d5ea80ca.md b/bootloaders.io/content/bootloaders/1d193967-c24f-46c5-83ae-4bf1d5ea80ca.md index 4407147..3df01ef 100644 --- a/bootloaders.io/content/bootloaders/1d193967-c24f-46c5-83ae-4bf1d5ea80ca.md +++ b/bootloaders.io/content/bootloaders/1d193967-c24f-46c5-83ae-4bf1d5ea80ca.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/1d193967-c24f-46c5-83ae-4bf1d5ea80ca.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/1d193967-c24f-46c5-83ae-4bf1d5ea80ca.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/1f0649ef-7118-46ab-b168-e4b9736bcea4.md b/bootloaders.io/content/bootloaders/1f0649ef-7118-46ab-b168-e4b9736bcea4.md index 33fd659..fb40db2 100644 --- a/bootloaders.io/content/bootloaders/1f0649ef-7118-46ab-b168-e4b9736bcea4.md +++ b/bootloaders.io/content/bootloaders/1f0649ef-7118-46ab-b168-e4b9736bcea4.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/1f0649ef-7118-46ab-b168-e4b9736bcea4.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/1f0649ef-7118-46ab-b168-e4b9736bcea4.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/1f6808e6-5b11-4cb3-b2d7-427ea75c1f9e.md b/bootloaders.io/content/bootloaders/1f6808e6-5b11-4cb3-b2d7-427ea75c1f9e.md index 48f19e5..9dca4d6 100644 --- a/bootloaders.io/content/bootloaders/1f6808e6-5b11-4cb3-b2d7-427ea75c1f9e.md +++ b/bootloaders.io/content/bootloaders/1f6808e6-5b11-4cb3-b2d7-427ea75c1f9e.md 
@@ -22,7 +22,7 @@ This was provided by Ciscso Systems Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/cd3a08a351a1e5286fdabeb5bbf371e7.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/cd3a08a351a1e5286fdabeb5bbf371e7.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/1f6808e6-5b11-4cb3-b2d7-427ea75c1f9e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/1f6808e6-5b11-4cb3-b2d7-427ea75c1f9e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/216969d0-1120-463f-a8b0-f8832f49fe39.md b/bootloaders.io/content/bootloaders/216969d0-1120-463f-a8b0-f8832f49fe39.md index 2ff0918..6e15078 100644 --- a/bootloaders.io/content/bootloaders/216969d0-1120-463f-a8b0-f8832f49fe39.md +++ b/bootloaders.io/content/bootloaders/216969d0-1120-463f-a8b0-f8832f49fe39.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/216969d0-1120-463f-a8b0-f8832f49fe39.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/216969d0-1120-463f-a8b0-f8832f49fe39.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/224dff2d-8d29-4951-b7b7-4a0cd2c18dbc.md b/bootloaders.io/content/bootloaders/224dff2d-8d29-4951-b7b7-4a0cd2c18dbc.md index 15f8936..1a3e8f9 100644 --- a/bootloaders.io/content/bootloaders/224dff2d-8d29-4951-b7b7-4a0cd2c18dbc.md +++ b/bootloaders.io/content/bootloaders/224dff2d-8d29-4951-b7b7-4a0cd2c18dbc.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/224dff2d-8d29-4951-b7b7-4a0cd2c18dbc.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/224dff2d-8d29-4951-b7b7-4a0cd2c18dbc.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/22532a2a-950a-425c-b1c7-ae8f8e4faa5b.md b/bootloaders.io/content/bootloaders/22532a2a-950a-425c-b1c7-ae8f8e4faa5b.md index 3cceca2..f127105 100644 --- a/bootloaders.io/content/bootloaders/22532a2a-950a-425c-b1c7-ae8f8e4faa5b.md +++ b/bootloaders.io/content/bootloaders/22532a2a-950a-425c-b1c7-ae8f8e4faa5b.md 
@@ -22,7 +22,7 @@ This was provided by Oracle Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/22532a2a-950a-425c-b1c7-ae8f8e4faa5b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/22532a2a-950a-425c-b1c7-ae8f8e4faa5b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2281377f-96d2-494e-91d6-86e4f2c78198.md b/bootloaders.io/content/bootloaders/2281377f-96d2-494e-91d6-86e4f2c78198.md index 60ae554..dd01677 100644 --- a/bootloaders.io/content/bootloaders/2281377f-96d2-494e-91d6-86e4f2c78198.md +++ b/bootloaders.io/content/bootloaders/2281377f-96d2-494e-91d6-86e4f2c78198.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/65e619f026af74b9c47c2cc77346ec40.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/65e619f026af74b9c47c2cc77346ec40.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2281377f-96d2-494e-91d6-86e4f2c78198.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2281377f-96d2-494e-91d6-86e4f2c78198.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2297fba2-2316-41a2-93f7-20ea8c9f6b98.md b/bootloaders.io/content/bootloaders/2297fba2-2316-41a2-93f7-20ea8c9f6b98.md index d2e5f26..5222245 100644 --- a/bootloaders.io/content/bootloaders/2297fba2-2316-41a2-93f7-20ea8c9f6b98.md +++ b/bootloaders.io/content/bootloaders/2297fba2-2316-41a2-93f7-20ea8c9f6b98.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2297fba2-2316-41a2-93f7-20ea8c9f6b98.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2297fba2-2316-41a2-93f7-20ea8c9f6b98.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/23d2d4cc-fb8c-43d8-b736-ae5c4fc3cd96.md b/bootloaders.io/content/bootloaders/23d2d4cc-fb8c-43d8-b736-ae5c4fc3cd96.md index f7e65cf..22f71ac 100644 --- a/bootloaders.io/content/bootloaders/23d2d4cc-fb8c-43d8-b736-ae5c4fc3cd96.md +++ b/bootloaders.io/content/bootloaders/23d2d4cc-fb8c-43d8-b736-ae5c4fc3cd96.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/23d2d4cc-fb8c-43d8-b736-ae5c4fc3cd96.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/23d2d4cc-fb8c-43d8-b736-ae5c4fc3cd96.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/24b32147-9b69-40e3-a166-b0c457b3c371.md b/bootloaders.io/content/bootloaders/24b32147-9b69-40e3-a166-b0c457b3c371.md index cbe38cd..53fa576 100644 --- a/bootloaders.io/content/bootloaders/24b32147-9b69-40e3-a166-b0c457b3c371.md +++ b/bootloaders.io/content/bootloaders/24b32147-9b69-40e3-a166-b0c457b3c371.md 
@@ -22,7 +22,7 @@ This was provided by Novell Systems and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/24b32147-9b69-40e3-a166-b0c457b3c371.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/24b32147-9b69-40e3-a166-b0c457b3c371.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/24c0575d-dfa7-4f1b-8503-e136cf8fcf3a.md b/bootloaders.io/content/bootloaders/24c0575d-dfa7-4f1b-8503-e136cf8fcf3a.md index d6a9942..18eff44 100644 --- a/bootloaders.io/content/bootloaders/24c0575d-dfa7-4f1b-8503-e136cf8fcf3a.md +++ b/bootloaders.io/content/bootloaders/24c0575d-dfa7-4f1b-8503-e136cf8fcf3a.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/24c0575d-dfa7-4f1b-8503-e136cf8fcf3a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/24c0575d-dfa7-4f1b-8503-e136cf8fcf3a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/25025124-0a03-422d-8fe8-530afd16951c.md b/bootloaders.io/content/bootloaders/25025124-0a03-422d-8fe8-530afd16951c.md index d5ac19b..f09f514 100644 --- a/bootloaders.io/content/bootloaders/25025124-0a03-422d-8fe8-530afd16951c.md +++ b/bootloaders.io/content/bootloaders/25025124-0a03-422d-8fe8-530afd16951c.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/25025124-0a03-422d-8fe8-530afd16951c.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/25025124-0a03-422d-8fe8-530afd16951c.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/25356276-9f23-4044-a512-863c5b3180df.md b/bootloaders.io/content/bootloaders/25356276-9f23-4044-a512-863c5b3180df.md index 7d425af..11c1bdb 100644 --- a/bootloaders.io/content/bootloaders/25356276-9f23-4044-a512-863c5b3180df.md +++ b/bootloaders.io/content/bootloaders/25356276-9f23-4044-a512-863c5b3180df.md 
@@ -22,7 +22,7 @@ This was provided by Canonical and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/25356276-9f23-4044-a512-863c5b3180df.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/25356276-9f23-4044-a512-863c5b3180df.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/261d9721-b41e-4711-9ec1-d46057b9c56b.md b/bootloaders.io/content/bootloaders/261d9721-b41e-4711-9ec1-d46057b9c56b.md index 615b2c1..3f4ed0b 100644 --- a/bootloaders.io/content/bootloaders/261d9721-b41e-4711-9ec1-d46057b9c56b.md +++ b/bootloaders.io/content/bootloaders/261d9721-b41e-4711-9ec1-d46057b9c56b.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/261d9721-b41e-4711-9ec1-d46057b9c56b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/261d9721-b41e-4711-9ec1-d46057b9c56b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2682f970-000c-406a-bf2e-fa4c1ac8bbeb.md b/bootloaders.io/content/bootloaders/2682f970-000c-406a-bf2e-fa4c1ac8bbeb.md index aa8ca48..a890387 100644 --- a/bootloaders.io/content/bootloaders/2682f970-000c-406a-bf2e-fa4c1ac8bbeb.md +++ b/bootloaders.io/content/bootloaders/2682f970-000c-406a-bf2e-fa4c1ac8bbeb.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2682f970-000c-406a-bf2e-fa4c1ac8bbeb.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2682f970-000c-406a-bf2e-fa4c1ac8bbeb.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/26ede8d7-1e62-43e2-97f4-710a4352d0ba.md b/bootloaders.io/content/bootloaders/26ede8d7-1e62-43e2-97f4-710a4352d0ba.md index 2483f1a..db0757c 100644 --- a/bootloaders.io/content/bootloaders/26ede8d7-1e62-43e2-97f4-710a4352d0ba.md +++ b/bootloaders.io/content/bootloaders/26ede8d7-1e62-43e2-97f4-710a4352d0ba.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/26ede8d7-1e62-43e2-97f4-710a4352d0ba.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/26ede8d7-1e62-43e2-97f4-710a4352d0ba.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/275664b6-bb50-43c5-9d04-b100ea9fe56b.md b/bootloaders.io/content/bootloaders/275664b6-bb50-43c5-9d04-b100ea9fe56b.md index 38cb60e..52b3223 100644 --- a/bootloaders.io/content/bootloaders/275664b6-bb50-43c5-9d04-b100ea9fe56b.md +++ b/bootloaders.io/content/bootloaders/275664b6-bb50-43c5-9d04-b100ea9fe56b.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/a7077726554ee791e5a4b6e20ba8d557.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/a7077726554ee791e5a4b6e20ba8d557.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/275664b6-bb50-43c5-9d04-b100ea9fe56b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/275664b6-bb50-43c5-9d04-b100ea9fe56b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/27c9ba50-5540-4ff3-90eb-8798c48599a1.md b/bootloaders.io/content/bootloaders/27c9ba50-5540-4ff3-90eb-8798c48599a1.md index eb89c14..b611052 100644 --- a/bootloaders.io/content/bootloaders/27c9ba50-5540-4ff3-90eb-8798c48599a1.md +++ b/bootloaders.io/content/bootloaders/27c9ba50-5540-4ff3-90eb-8798c48599a1.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/27c9ba50-5540-4ff3-90eb-8798c48599a1.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/27c9ba50-5540-4ff3-90eb-8798c48599a1.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/27ce9422-3805-4231-8142-aa0976d3686a.md b/bootloaders.io/content/bootloaders/27ce9422-3805-4231-8142-aa0976d3686a.md index c90869f..c5318e1 100644 --- a/bootloaders.io/content/bootloaders/27ce9422-3805-4231-8142-aa0976d3686a.md +++ b/bootloaders.io/content/bootloaders/27ce9422-3805-4231-8142-aa0976d3686a.md 
@@ -22,7 +22,7 @@ This was provided by TeraByte Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/27ce9422-3805-4231-8142-aa0976d3686a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/27ce9422-3805-4231-8142-aa0976d3686a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2856fed8-45ba-4ef2-8904-8d9c9ecc6cb4.md b/bootloaders.io/content/bootloaders/2856fed8-45ba-4ef2-8904-8d9c9ecc6cb4.md index 3102736..a4a9c8f 100644 --- a/bootloaders.io/content/bootloaders/2856fed8-45ba-4ef2-8904-8d9c9ecc6cb4.md +++ b/bootloaders.io/content/bootloaders/2856fed8-45ba-4ef2-8904-8d9c9ecc6cb4.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2856fed8-45ba-4ef2-8904-8d9c9ecc6cb4.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2856fed8-45ba-4ef2-8904-8d9c9ecc6cb4.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/285c0ef5-dd8b-4c50-af8f-6ed20f233294.md b/bootloaders.io/content/bootloaders/285c0ef5-dd8b-4c50-af8f-6ed20f233294.md index c0cc426..33db0b9 100644 --- a/bootloaders.io/content/bootloaders/285c0ef5-dd8b-4c50-af8f-6ed20f233294.md +++ b/bootloaders.io/content/bootloaders/285c0ef5-dd8b-4c50-af8f-6ed20f233294.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/285c0ef5-dd8b-4c50-af8f-6ed20f233294.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/285c0ef5-dd8b-4c50-af8f-6ed20f233294.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/28fb8eaa-e498-44f7-8f1f-1dcf1dad47d7.md b/bootloaders.io/content/bootloaders/28fb8eaa-e498-44f7-8f1f-1dcf1dad47d7.md index b0f2644..e8ae505 100644 --- a/bootloaders.io/content/bootloaders/28fb8eaa-e498-44f7-8f1f-1dcf1dad47d7.md +++ b/bootloaders.io/content/bootloaders/28fb8eaa-e498-44f7-8f1f-1dcf1dad47d7.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/28fb8eaa-e498-44f7-8f1f-1dcf1dad47d7.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/28fb8eaa-e498-44f7-8f1f-1dcf1dad47d7.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/29221f48-fbc7-4db4-8fc6-86f1e3e137b8.md b/bootloaders.io/content/bootloaders/29221f48-fbc7-4db4-8fc6-86f1e3e137b8.md index d6bf163..1181098 100644 --- a/bootloaders.io/content/bootloaders/29221f48-fbc7-4db4-8fc6-86f1e3e137b8.md +++ b/bootloaders.io/content/bootloaders/29221f48-fbc7-4db4-8fc6-86f1e3e137b8.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/29221f48-fbc7-4db4-8fc6-86f1e3e137b8.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/29221f48-fbc7-4db4-8fc6-86f1e3e137b8.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/293680d1-928e-47e7-b45b-421122787ad8.md b/bootloaders.io/content/bootloaders/293680d1-928e-47e7-b45b-421122787ad8.md index a195465..e448328 100644 --- a/bootloaders.io/content/bootloaders/293680d1-928e-47e7-b45b-421122787ad8.md +++ b/bootloaders.io/content/bootloaders/293680d1-928e-47e7-b45b-421122787ad8.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/293680d1-928e-47e7-b45b-421122787ad8.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/293680d1-928e-47e7-b45b-421122787ad8.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/298f4996-3321-455a-bce2-919c3a73da65.md b/bootloaders.io/content/bootloaders/298f4996-3321-455a-bce2-919c3a73da65.md index 8ce13dd..c7bbab2 100644 --- a/bootloaders.io/content/bootloaders/298f4996-3321-455a-bce2-919c3a73da65.md +++ b/bootloaders.io/content/bootloaders/298f4996-3321-455a-bce2-919c3a73da65.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/298f4996-3321-455a-bce2-919c3a73da65.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/298f4996-3321-455a-bce2-919c3a73da65.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/29a5f4df-eaf4-468f-94e1-da9ba1b1c20a.md b/bootloaders.io/content/bootloaders/29a5f4df-eaf4-468f-94e1-da9ba1b1c20a.md index 992bbcc..7aba52f 100644 --- a/bootloaders.io/content/bootloaders/29a5f4df-eaf4-468f-94e1-da9ba1b1c20a.md +++ b/bootloaders.io/content/bootloaders/29a5f4df-eaf4-468f-94e1-da9ba1b1c20a.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/29a5f4df-eaf4-468f-94e1-da9ba1b1c20a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/29a5f4df-eaf4-468f-94e1-da9ba1b1c20a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/29bd7324-d53f-4143-acc6-d03d0e4e3aa1.md b/bootloaders.io/content/bootloaders/29bd7324-d53f-4143-acc6-d03d0e4e3aa1.md index df7a7a3..8c073dd 100644 --- a/bootloaders.io/content/bootloaders/29bd7324-d53f-4143-acc6-d03d0e4e3aa1.md +++ b/bootloaders.io/content/bootloaders/29bd7324-d53f-4143-acc6-d03d0e4e3aa1.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/29bd7324-d53f-4143-acc6-d03d0e4e3aa1.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/29bd7324-d53f-4143-acc6-d03d0e4e3aa1.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2a2e7598-1bd6-4772-a189-6421ab29af37.md b/bootloaders.io/content/bootloaders/2a2e7598-1bd6-4772-a189-6421ab29af37.md index 59e6ceb..8f9fe8d 100644 --- a/bootloaders.io/content/bootloaders/2a2e7598-1bd6-4772-a189-6421ab29af37.md +++ b/bootloaders.io/content/bootloaders/2a2e7598-1bd6-4772-a189-6421ab29af37.md 
@@ -22,7 +22,7 @@ This was provided by Intel Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2a2e7598-1bd6-4772-a189-6421ab29af37.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2a2e7598-1bd6-4772-a189-6421ab29af37.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2a4a532a-848c-4ca5-a910-357daefe32e7.md b/bootloaders.io/content/bootloaders/2a4a532a-848c-4ca5-a910-357daefe32e7.md index b27903b..b969950 100644 --- a/bootloaders.io/content/bootloaders/2a4a532a-848c-4ca5-a910-357daefe32e7.md +++ b/bootloaders.io/content/bootloaders/2a4a532a-848c-4ca5-a910-357daefe32e7.md 
@@ -22,7 +22,7 @@ This was provided by Canonical Ltd and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/9671f8d6de959b9d084f2a67f6dfadf3.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/9671f8d6de959b9d084f2a67f6dfadf3.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -116,10 +116,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -139,7 +141,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2a4a532a-848c-4ca5-a910-357daefe32e7.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2a4a532a-848c-4ca5-a910-357daefe32e7.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2a9c12a2-bc01-4af2-bb23-a5f1fcba5bdc.md b/bootloaders.io/content/bootloaders/2a9c12a2-bc01-4af2-bb23-a5f1fcba5bdc.md index 5cca16f..ac1a662 100644 --- a/bootloaders.io/content/bootloaders/2a9c12a2-bc01-4af2-bb23-a5f1fcba5bdc.md +++ b/bootloaders.io/content/bootloaders/2a9c12a2-bc01-4af2-bb23-a5f1fcba5bdc.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2a9c12a2-bc01-4af2-bb23-a5f1fcba5bdc.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2a9c12a2-bc01-4af2-bb23-a5f1fcba5bdc.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2b61baf4-c396-4e1b-b487-87c1ebf4b17a.md b/bootloaders.io/content/bootloaders/2b61baf4-c396-4e1b-b487-87c1ebf4b17a.md index 4dbf9e9..faf7a31 100644 --- a/bootloaders.io/content/bootloaders/2b61baf4-c396-4e1b-b487-87c1ebf4b17a.md +++ b/bootloaders.io/content/bootloaders/2b61baf4-c396-4e1b-b487-87c1ebf4b17a.md 
@@ -22,7 +22,7 @@ This was provided by Canonical and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/c3f1acb15ea4dd4002d43c5941d1a64e.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c3f1acb15ea4dd4002d43c5941d1a64e.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -116,10 +116,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -139,7 +141,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2b61baf4-c396-4e1b-b487-87c1ebf4b17a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2b61baf4-c396-4e1b-b487-87c1ebf4b17a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2b66ad2e-41d5-498c-bd23-2c88e3a74ccd.md b/bootloaders.io/content/bootloaders/2b66ad2e-41d5-498c-bd23-2c88e3a74ccd.md index 14ad07d..6f6018d 100644 --- a/bootloaders.io/content/bootloaders/2b66ad2e-41d5-498c-bd23-2c88e3a74ccd.md +++ b/bootloaders.io/content/bootloaders/2b66ad2e-41d5-498c-bd23-2c88e3a74ccd.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2b66ad2e-41d5-498c-bd23-2c88e3a74ccd.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2b66ad2e-41d5-498c-bd23-2c88e3a74ccd.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2b807893-889b-4dd8-99be-ff17aecfb58e.md b/bootloaders.io/content/bootloaders/2b807893-889b-4dd8-99be-ff17aecfb58e.md index b7dabf4..af48175 100644 --- a/bootloaders.io/content/bootloaders/2b807893-889b-4dd8-99be-ff17aecfb58e.md +++ b/bootloaders.io/content/bootloaders/2b807893-889b-4dd8-99be-ff17aecfb58e.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2b807893-889b-4dd8-99be-ff17aecfb58e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2b807893-889b-4dd8-99be-ff17aecfb58e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2b96f3c6-afdb-4da2-84d4-601c9a71b2a8.md b/bootloaders.io/content/bootloaders/2b96f3c6-afdb-4da2-84d4-601c9a71b2a8.md index 3e61614..2e985a2 100644 --- a/bootloaders.io/content/bootloaders/2b96f3c6-afdb-4da2-84d4-601c9a71b2a8.md +++ b/bootloaders.io/content/bootloaders/2b96f3c6-afdb-4da2-84d4-601c9a71b2a8.md 
@@ -22,7 +22,7 @@ This was provided by whitecanyon and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/69a56b18be5865ccda9ab3a5bb4987ab.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/69a56b18be5865ccda9ab3a5bb4987ab.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2b96f3c6-afdb-4da2-84d4-601c9a71b2a8.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2b96f3c6-afdb-4da2-84d4-601c9a71b2a8.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2bfaff34-8a6b-486e-a308-0484d2372727.md b/bootloaders.io/content/bootloaders/2bfaff34-8a6b-486e-a308-0484d2372727.md index 3807848..c8a8333 100644 --- a/bootloaders.io/content/bootloaders/2bfaff34-8a6b-486e-a308-0484d2372727.md +++ b/bootloaders.io/content/bootloaders/2bfaff34-8a6b-486e-a308-0484d2372727.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/c453084032024e3b2dcd648c9406e760.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c453084032024e3b2dcd648c9406e760.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2bfaff34-8a6b-486e-a308-0484d2372727.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2bfaff34-8a6b-486e-a308-0484d2372727.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3.md b/bootloaders.io/content/bootloaders/2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3.md index 425550e..a3fb6a1 100644 --- a/bootloaders.io/content/bootloaders/2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3.md +++ b/bootloaders.io/content/bootloaders/2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3.md 
@@ -22,7 +22,7 @@ This was provided by Endless OS and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2ca2a15a-a3ca-44f8-a400-6ad9d6c119ce.md b/bootloaders.io/content/bootloaders/2ca2a15a-a3ca-44f8-a400-6ad9d6c119ce.md index 6a08fa1..e73ef3e 100644 --- a/bootloaders.io/content/bootloaders/2ca2a15a-a3ca-44f8-a400-6ad9d6c119ce.md +++ b/bootloaders.io/content/bootloaders/2ca2a15a-a3ca-44f8-a400-6ad9d6c119ce.md 
@@ -22,7 +22,7 @@ This was provided by Alt Linux LTD and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/28e6701303a90a81dea61addc9d06329.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/28e6701303a90a81dea61addc9d06329.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2ca2a15a-a3ca-44f8-a400-6ad9d6c119ce.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2ca2a15a-a3ca-44f8-a400-6ad9d6c119ce.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2ca3cf24-b271-4a27-a228-ca91cab34b93.md b/bootloaders.io/content/bootloaders/2ca3cf24-b271-4a27-a228-ca91cab34b93.md index 4efcd42..ad10fde 100644 --- a/bootloaders.io/content/bootloaders/2ca3cf24-b271-4a27-a228-ca91cab34b93.md +++ b/bootloaders.io/content/bootloaders/2ca3cf24-b271-4a27-a228-ca91cab34b93.md 
@@ -22,7 +22,7 @@ This was provided by Alt Linux LTD and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/9a795b1affc7cb4650bbd99b9a2cd819.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/9a795b1affc7cb4650bbd99b9a2cd819.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2ca3cf24-b271-4a27-a228-ca91cab34b93.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2ca3cf24-b271-4a27-a228-ca91cab34b93.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2cb09869-230c-4114-a4ec-a744b3181282.md b/bootloaders.io/content/bootloaders/2cb09869-230c-4114-a4ec-a744b3181282.md index 3687b6a..340e903 100644 --- a/bootloaders.io/content/bootloaders/2cb09869-230c-4114-a4ec-a744b3181282.md +++ b/bootloaders.io/content/bootloaders/2cb09869-230c-4114-a4ec-a744b3181282.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/390218e8b12b9b5a8985baf49e163930.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/390218e8b12b9b5a8985baf49e163930.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2cb09869-230c-4114-a4ec-a744b3181282.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2cb09869-230c-4114-a4ec-a744b3181282.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2d38a9bc-5c3e-4871-9e74-a1181a10764d.md b/bootloaders.io/content/bootloaders/2d38a9bc-5c3e-4871-9e74-a1181a10764d.md index fa474ea..6c6762b 100644 --- a/bootloaders.io/content/bootloaders/2d38a9bc-5c3e-4871-9e74-a1181a10764d.md +++ b/bootloaders.io/content/bootloaders/2d38a9bc-5c3e-4871-9e74-a1181a10764d.md 
@@ -22,7 +22,7 @@ This was provided by Debian and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/a1b9b882d3990b8465c7010a406ecd99.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/a1b9b882d3990b8465c7010a406ecd99.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,14 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} -* text -* text +* text, text {{< /details >}} #### Imports {{< details "Expand" >}} -* text -* text +* text, text {{< /details >}} #### ImportedFunctions @@ -220,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2d38a9bc-5c3e-4871-9e74-a1181a10764d.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2d38a9bc-5c3e-4871-9e74-a1181a10764d.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2d78b89b-4a5d-4d38-8c20-2baf76df8699.md b/bootloaders.io/content/bootloaders/2d78b89b-4a5d-4d38-8c20-2baf76df8699.md index 94f7a90..bc9ab30 100644 --- a/bootloaders.io/content/bootloaders/2d78b89b-4a5d-4d38-8c20-2baf76df8699.md +++ b/bootloaders.io/content/bootloaders/2d78b89b-4a5d-4d38-8c20-2baf76df8699.md 
@@ -22,7 +22,7 @@ This was provided by The Broadband Computer Co and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2d78b89b-4a5d-4d38-8c20-2baf76df8699.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2d78b89b-4a5d-4d38-8c20-2baf76df8699.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2e3641bb-5bd7-42d3-8353-481b4593c641.md b/bootloaders.io/content/bootloaders/2e3641bb-5bd7-42d3-8353-481b4593c641.md index 0fc00d9..f2e2ac8 100644 --- a/bootloaders.io/content/bootloaders/2e3641bb-5bd7-42d3-8353-481b4593c641.md +++ b/bootloaders.io/content/bootloaders/2e3641bb-5bd7-42d3-8353-481b4593c641.md 
@@ -22,7 +22,7 @@ This was provided by Isoo Software Dev Co Ltd and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/89805fbe6421f1d03023514f8fd7215d.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/89805fbe6421f1d03023514f8fd7215d.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2e3641bb-5bd7-42d3-8353-481b4593c641.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2e3641bb-5bd7-42d3-8353-481b4593c641.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2e84c348-bc0b-46e8-aad0-77b20e8c534e.md b/bootloaders.io/content/bootloaders/2e84c348-bc0b-46e8-aad0-77b20e8c534e.md index 421f9a6..be6636f 100644 --- a/bootloaders.io/content/bootloaders/2e84c348-bc0b-46e8-aad0-77b20e8c534e.md +++ b/bootloaders.io/content/bootloaders/2e84c348-bc0b-46e8-aad0-77b20e8c534e.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/c1feed742caf34c142f70956e0c1259b.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c1feed742caf34c142f70956e0c1259b.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2e84c348-bc0b-46e8-aad0-77b20e8c534e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2e84c348-bc0b-46e8-aad0-77b20e8c534e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2e98c935-fda6-4fc9-b635-47a7d9157a02.md b/bootloaders.io/content/bootloaders/2e98c935-fda6-4fc9-b635-47a7d9157a02.md index 9dedde8..7840edd 100644 --- a/bootloaders.io/content/bootloaders/2e98c935-fda6-4fc9-b635-47a7d9157a02.md +++ b/bootloaders.io/content/bootloaders/2e98c935-fda6-4fc9-b635-47a7d9157a02.md 
@@ -22,7 +22,7 @@ This was provided by Canonical Ltd and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2e98c935-fda6-4fc9-b635-47a7d9157a02.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2e98c935-fda6-4fc9-b635-47a7d9157a02.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2eba3138-0822-49f5-abb8-ea5cae849369.md b/bootloaders.io/content/bootloaders/2eba3138-0822-49f5-abb8-ea5cae849369.md index c054d5d..5fa3f39 100644 --- a/bootloaders.io/content/bootloaders/2eba3138-0822-49f5-abb8-ea5cae849369.md +++ b/bootloaders.io/content/bootloaders/2eba3138-0822-49f5-abb8-ea5cae849369.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/bad97e7203aec2bd026403a7f70688b9.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/bad97e7203aec2bd026403a7f70688b9.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2eba3138-0822-49f5-abb8-ea5cae849369.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2eba3138-0822-49f5-abb8-ea5cae849369.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/2f495b21-1d43-43c5-8770-c221121a2e6a.md b/bootloaders.io/content/bootloaders/2f495b21-1d43-43c5-8770-c221121a2e6a.md index fbbda2f..cc7480b 100644 --- a/bootloaders.io/content/bootloaders/2f495b21-1d43-43c5-8770-c221121a2e6a.md +++ b/bootloaders.io/content/bootloaders/2f495b21-1d43-43c5-8770-c221121a2e6a.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/2f495b21-1d43-43c5-8770-c221121a2e6a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2f495b21-1d43-43c5-8770-c221121a2e6a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/30e370b5-bc05-4b98-96d1-8e71f41083fe.md b/bootloaders.io/content/bootloaders/30e370b5-bc05-4b98-96d1-8e71f41083fe.md index 835cf9e..c3920e5 100644 --- a/bootloaders.io/content/bootloaders/30e370b5-bc05-4b98-96d1-8e71f41083fe.md +++ b/bootloaders.io/content/bootloaders/30e370b5-bc05-4b98-96d1-8e71f41083fe.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/30e370b5-bc05-4b98-96d1-8e71f41083fe.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/30e370b5-bc05-4b98-96d1-8e71f41083fe.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/312c2d35-25a3-454a-a458-a797350273b1.md b/bootloaders.io/content/bootloaders/312c2d35-25a3-454a-a458-a797350273b1.md index 02503be..2b9b971 100644 --- a/bootloaders.io/content/bootloaders/312c2d35-25a3-454a-a458-a797350273b1.md +++ b/bootloaders.io/content/bootloaders/312c2d35-25a3-454a-a458-a797350273b1.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/312c2d35-25a3-454a-a458-a797350273b1.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/312c2d35-25a3-454a-a458-a797350273b1.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/312efde5-1d57-4845-860d-cecb9a1af677.md b/bootloaders.io/content/bootloaders/312efde5-1d57-4845-860d-cecb9a1af677.md index afa9407..cf58c94 100644 --- a/bootloaders.io/content/bootloaders/312efde5-1d57-4845-860d-cecb9a1af677.md +++ b/bootloaders.io/content/bootloaders/312efde5-1d57-4845-860d-cecb9a1af677.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/312efde5-1d57-4845-860d-cecb9a1af677.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/312efde5-1d57-4845-860d-cecb9a1af677.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/3175132e-f5d7-4d88-b395-ca30351f8c69.md b/bootloaders.io/content/bootloaders/3175132e-f5d7-4d88-b395-ca30351f8c69.md index 4c2b929..89873c9 100644 --- a/bootloaders.io/content/bootloaders/3175132e-f5d7-4d88-b395-ca30351f8c69.md +++ b/bootloaders.io/content/bootloaders/3175132e-f5d7-4d88-b395-ca30351f8c69.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/45a7c3cf799b58b886c0b4c7f6f71d32.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/45a7c3cf799b58b886c0b4c7f6f71d32.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/3175132e-f5d7-4d88-b395-ca30351f8c69.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3175132e-f5d7-4d88-b395-ca30351f8c69.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/32544796-1bfd-476b-a4f6-8fccc5a593a3.md b/bootloaders.io/content/bootloaders/32544796-1bfd-476b-a4f6-8fccc5a593a3.md index 097172c..3a91542 100644 --- a/bootloaders.io/content/bootloaders/32544796-1bfd-476b-a4f6-8fccc5a593a3.md +++ b/bootloaders.io/content/bootloaders/32544796-1bfd-476b-a4f6-8fccc5a593a3.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/f66d8bc26d38b7faaa1fbd4c4fdda3ff.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/f66d8bc26d38b7faaa1fbd4c4fdda3ff.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/32544796-1bfd-476b-a4f6-8fccc5a593a3.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/32544796-1bfd-476b-a4f6-8fccc5a593a3.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/329800cf-dad0-4ca8-bdc9-6ec18ff01421.md b/bootloaders.io/content/bootloaders/329800cf-dad0-4ca8-bdc9-6ec18ff01421.md index 0004211..e8eef51 100644 --- a/bootloaders.io/content/bootloaders/329800cf-dad0-4ca8-bdc9-6ec18ff01421.md +++ b/bootloaders.io/content/bootloaders/329800cf-dad0-4ca8-bdc9-6ec18ff01421.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/c748cde9827385f9832a4f0ab1f02550.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c748cde9827385f9832a4f0ab1f02550.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/329800cf-dad0-4ca8-bdc9-6ec18ff01421.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/329800cf-dad0-4ca8-bdc9-6ec18ff01421.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/32eed29e-9d32-4120-8a43-02c7dfc4ae22.md b/bootloaders.io/content/bootloaders/32eed29e-9d32-4120-8a43-02c7dfc4ae22.md index ce282ce..065c064 100644 --- a/bootloaders.io/content/bootloaders/32eed29e-9d32-4120-8a43-02c7dfc4ae22.md +++ b/bootloaders.io/content/bootloaders/32eed29e-9d32-4120-8a43-02c7dfc4ae22.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/dbed1f7ed9e19e53bfc7f43122ce3d83.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/dbed1f7ed9e19e53bfc7f43122ce3d83.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/32eed29e-9d32-4120-8a43-02c7dfc4ae22.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/32eed29e-9d32-4120-8a43-02c7dfc4ae22.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/33559284-bca8-4af2-917e-d209ee8d15c5.md b/bootloaders.io/content/bootloaders/33559284-bca8-4af2-917e-d209ee8d15c5.md index 06414d3..d718de9 100644 --- a/bootloaders.io/content/bootloaders/33559284-bca8-4af2-917e-d209ee8d15c5.md +++ b/bootloaders.io/content/bootloaders/33559284-bca8-4af2-917e-d209ee8d15c5.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/33559284-bca8-4af2-917e-d209ee8d15c5.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/33559284-bca8-4af2-917e-d209ee8d15c5.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/33ce2528-8820-4680-bc5d-b48fcc1f9d2d.md b/bootloaders.io/content/bootloaders/33ce2528-8820-4680-bc5d-b48fcc1f9d2d.md index 534c117..e25478d 100644 --- a/bootloaders.io/content/bootloaders/33ce2528-8820-4680-bc5d-b48fcc1f9d2d.md +++ b/bootloaders.io/content/bootloaders/33ce2528-8820-4680-bc5d-b48fcc1f9d2d.md 
@@ -22,7 +22,7 @@ This was provided by Oracle Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/53663cb5fea6bde711171523a2206e45.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/53663cb5fea6bde711171523a2206e45.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/33ce2528-8820-4680-bc5d-b48fcc1f9d2d.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/33ce2528-8820-4680-bc5d-b48fcc1f9d2d.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/347957db-bbbc-4322-a736-366891a369d0.md b/bootloaders.io/content/bootloaders/347957db-bbbc-4322-a736-366891a369d0.md index 088fb37..54e36b8 100644 --- a/bootloaders.io/content/bootloaders/347957db-bbbc-4322-a736-366891a369d0.md +++ b/bootloaders.io/content/bootloaders/347957db-bbbc-4322-a736-366891a369d0.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/347957db-bbbc-4322-a736-366891a369d0.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/347957db-bbbc-4322-a736-366891a369d0.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/34cf714a-cbf0-4339-afb8-bae3643a4075.md b/bootloaders.io/content/bootloaders/34cf714a-cbf0-4339-afb8-bae3643a4075.md index 66dbdfe..703ec13 100644 --- a/bootloaders.io/content/bootloaders/34cf714a-cbf0-4339-afb8-bae3643a4075.md +++ b/bootloaders.io/content/bootloaders/34cf714a-cbf0-4339-afb8-bae3643a4075.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/34cf714a-cbf0-4339-afb8-bae3643a4075.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/34cf714a-cbf0-4339-afb8-bae3643a4075.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/34da0cf6-14d0-43a7-8e56-ea63c3b0c1bd.md b/bootloaders.io/content/bootloaders/34da0cf6-14d0-43a7-8e56-ea63c3b0c1bd.md index f7be0d9..72daee9 100644 --- a/bootloaders.io/content/bootloaders/34da0cf6-14d0-43a7-8e56-ea63c3b0c1bd.md +++ b/bootloaders.io/content/bootloaders/34da0cf6-14d0-43a7-8e56-ea63c3b0c1bd.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/34da0cf6-14d0-43a7-8e56-ea63c3b0c1bd.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/34da0cf6-14d0-43a7-8e56-ea63c3b0c1bd.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/34e61740-5c56-404a-b796-1db5337dd86e.md b/bootloaders.io/content/bootloaders/34e61740-5c56-404a-b796-1db5337dd86e.md index d3e6480..99183e3 100644 --- a/bootloaders.io/content/bootloaders/34e61740-5c56-404a-b796-1db5337dd86e.md +++ b/bootloaders.io/content/bootloaders/34e61740-5c56-404a-b796-1db5337dd86e.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/34e61740-5c56-404a-b796-1db5337dd86e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/34e61740-5c56-404a-b796-1db5337dd86e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/357e4bd3-4bc9-4b94-81a1-3833515e2d4e.md b/bootloaders.io/content/bootloaders/357e4bd3-4bc9-4b94-81a1-3833515e2d4e.md index 5bf4202..cdf99d8 100644 --- a/bootloaders.io/content/bootloaders/357e4bd3-4bc9-4b94-81a1-3833515e2d4e.md +++ b/bootloaders.io/content/bootloaders/357e4bd3-4bc9-4b94-81a1-3833515e2d4e.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/357e4bd3-4bc9-4b94-81a1-3833515e2d4e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/357e4bd3-4bc9-4b94-81a1-3833515e2d4e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/3598ca7a-27b3-4c09-aaca-cb5108eca19f.md b/bootloaders.io/content/bootloaders/3598ca7a-27b3-4c09-aaca-cb5108eca19f.md index 3d60c6a..f48cf9a 100644 --- a/bootloaders.io/content/bootloaders/3598ca7a-27b3-4c09-aaca-cb5108eca19f.md +++ b/bootloaders.io/content/bootloaders/3598ca7a-27b3-4c09-aaca-cb5108eca19f.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/3598ca7a-27b3-4c09-aaca-cb5108eca19f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3598ca7a-27b3-4c09-aaca-cb5108eca19f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/35a53e95-2bf9-43c3-b7ff-c8a176b73a7e.md b/bootloaders.io/content/bootloaders/35a53e95-2bf9-43c3-b7ff-c8a176b73a7e.md index 4927d54..9d4fa66 100644 --- a/bootloaders.io/content/bootloaders/35a53e95-2bf9-43c3-b7ff-c8a176b73a7e.md +++ b/bootloaders.io/content/bootloaders/35a53e95-2bf9-43c3-b7ff-c8a176b73a7e.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/35a53e95-2bf9-43c3-b7ff-c8a176b73a7e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/35a53e95-2bf9-43c3-b7ff-c8a176b73a7e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/35c8a2f7-287d-4251-a949-d1ad45040784.md b/bootloaders.io/content/bootloaders/35c8a2f7-287d-4251-a949-d1ad45040784.md index a2a53d2..4a31d4d 100644 --- a/bootloaders.io/content/bootloaders/35c8a2f7-287d-4251-a949-d1ad45040784.md +++ b/bootloaders.io/content/bootloaders/35c8a2f7-287d-4251-a949-d1ad45040784.md 
@@ -22,7 +22,7 @@ This was provided by BITDEFENDER and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/0887bbb1fff22018d425b56dfb642db7.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/0887bbb1fff22018d425b56dfb642db7.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/35c8a2f7-287d-4251-a949-d1ad45040784.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/35c8a2f7-287d-4251-a949-d1ad45040784.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/3645f533-8562-4958-aaa3-7e5924aadd8e.md b/bootloaders.io/content/bootloaders/3645f533-8562-4958-aaa3-7e5924aadd8e.md index 3153411..0372438 100644 --- a/bootloaders.io/content/bootloaders/3645f533-8562-4958-aaa3-7e5924aadd8e.md +++ b/bootloaders.io/content/bootloaders/3645f533-8562-4958-aaa3-7e5924aadd8e.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/3645f533-8562-4958-aaa3-7e5924aadd8e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3645f533-8562-4958-aaa3-7e5924aadd8e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/365019a1-7820-4c83-a483-15dfd2ca466c.md b/bootloaders.io/content/bootloaders/365019a1-7820-4c83-a483-15dfd2ca466c.md index 29db153..24ca642 100644 --- a/bootloaders.io/content/bootloaders/365019a1-7820-4c83-a483-15dfd2ca466c.md +++ b/bootloaders.io/content/bootloaders/365019a1-7820-4c83-a483-15dfd2ca466c.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/365019a1-7820-4c83-a483-15dfd2ca466c.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/365019a1-7820-4c83-a483-15dfd2ca466c.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/38e6bed7-1db9-4c15-8358-040edb77a39c.md b/bootloaders.io/content/bootloaders/38e6bed7-1db9-4c15-8358-040edb77a39c.md index b9a3400..03ba250 100644 --- a/bootloaders.io/content/bootloaders/38e6bed7-1db9-4c15-8358-040edb77a39c.md +++ b/bootloaders.io/content/bootloaders/38e6bed7-1db9-4c15-8358-040edb77a39c.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/38e6bed7-1db9-4c15-8358-040edb77a39c.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/38e6bed7-1db9-4c15-8358-040edb77a39c.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/3939d676-6d9d-48b4-8be9-d7d7f3528c08.md b/bootloaders.io/content/bootloaders/3939d676-6d9d-48b4-8be9-d7d7f3528c08.md index 82688ce..279b879 100644 --- a/bootloaders.io/content/bootloaders/3939d676-6d9d-48b4-8be9-d7d7f3528c08.md +++ b/bootloaders.io/content/bootloaders/3939d676-6d9d-48b4-8be9-d7d7f3528c08.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/3939d676-6d9d-48b4-8be9-d7d7f3528c08.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3939d676-6d9d-48b4-8be9-d7d7f3528c08.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/3a20e152-907d-41c3-8ae7-14c2a23e4880.md b/bootloaders.io/content/bootloaders/3a20e152-907d-41c3-8ae7-14c2a23e4880.md index 1344c8b..c57bbbc 100644 --- a/bootloaders.io/content/bootloaders/3a20e152-907d-41c3-8ae7-14c2a23e4880.md +++ b/bootloaders.io/content/bootloaders/3a20e152-907d-41c3-8ae7-14c2a23e4880.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/3a20e152-907d-41c3-8ae7-14c2a23e4880.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3a20e152-907d-41c3-8ae7-14c2a23e4880.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/3a74fd6f-8747-4f47-b44e-fa10af3da555.md b/bootloaders.io/content/bootloaders/3a74fd6f-8747-4f47-b44e-fa10af3da555.md index 7051c9f..5810f9f 100644 --- a/bootloaders.io/content/bootloaders/3a74fd6f-8747-4f47-b44e-fa10af3da555.md +++ b/bootloaders.io/content/bootloaders/3a74fd6f-8747-4f47-b44e-fa10af3da555.md 
@@ -22,7 +22,7 @@ This was provided by Alt Linux LTD and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/3a74fd6f-8747-4f47-b44e-fa10af3da555.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3a74fd6f-8747-4f47-b44e-fa10af3da555.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/3b215ee9-89b8-4437-bd89-dc9fa92cb727.md b/bootloaders.io/content/bootloaders/3b215ee9-89b8-4437-bd89-dc9fa92cb727.md index 3023c0e..5977b5a 100644 --- a/bootloaders.io/content/bootloaders/3b215ee9-89b8-4437-bd89-dc9fa92cb727.md +++ b/bootloaders.io/content/bootloaders/3b215ee9-89b8-4437-bd89-dc9fa92cb727.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/3b215ee9-89b8-4437-bd89-dc9fa92cb727.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3b215ee9-89b8-4437-bd89-dc9fa92cb727.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/3b5b838e-359b-483e-94e9-a1c1ed3077d6.md b/bootloaders.io/content/bootloaders/3b5b838e-359b-483e-94e9-a1c1ed3077d6.md index b34a41d..3beb031 100644 --- a/bootloaders.io/content/bootloaders/3b5b838e-359b-483e-94e9-a1c1ed3077d6.md +++ b/bootloaders.io/content/bootloaders/3b5b838e-359b-483e-94e9-a1c1ed3077d6.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/3b5b838e-359b-483e-94e9-a1c1ed3077d6.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3b5b838e-359b-483e-94e9-a1c1ed3077d6.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/3b7197b1-fac3-4680-b8a4-b91cc56d984b.md b/bootloaders.io/content/bootloaders/3b7197b1-fac3-4680-b8a4-b91cc56d984b.md index c294973..8cfe8c0 100644 --- a/bootloaders.io/content/bootloaders/3b7197b1-fac3-4680-b8a4-b91cc56d984b.md +++ b/bootloaders.io/content/bootloaders/3b7197b1-fac3-4680-b8a4-b91cc56d984b.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/3b7197b1-fac3-4680-b8a4-b91cc56d984b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3b7197b1-fac3-4680-b8a4-b91cc56d984b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/3b905385-bf3a-4181-9c49-646bb5fb1e6d.md b/bootloaders.io/content/bootloaders/3b905385-bf3a-4181-9c49-646bb5fb1e6d.md index 9e00af6..83cfeca 100644 --- a/bootloaders.io/content/bootloaders/3b905385-bf3a-4181-9c49-646bb5fb1e6d.md +++ b/bootloaders.io/content/bootloaders/3b905385-bf3a-4181-9c49-646bb5fb1e6d.md 
@@ -22,7 +22,7 @@ This was provided by Oracle Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/3b905385-bf3a-4181-9c49-646bb5fb1e6d.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3b905385-bf3a-4181-9c49-646bb5fb1e6d.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/3c5c1c32-6c09-4fea-863a-2e5cb48bb099.md b/bootloaders.io/content/bootloaders/3c5c1c32-6c09-4fea-863a-2e5cb48bb099.md index 8a892ac..9d86fa2 100644 --- a/bootloaders.io/content/bootloaders/3c5c1c32-6c09-4fea-863a-2e5cb48bb099.md +++ b/bootloaders.io/content/bootloaders/3c5c1c32-6c09-4fea-863a-2e5cb48bb099.md 
@@ -22,7 +22,7 @@ This was provided by Intel Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/ffa0df6d1cb927f4cde2741d63c7125b.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/ffa0df6d1cb927f4cde2741d63c7125b.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/3c5c1c32-6c09-4fea-863a-2e5cb48bb099.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3c5c1c32-6c09-4fea-863a-2e5cb48bb099.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/3cd9faa5-1675-4640-8304-86e162b60451.md b/bootloaders.io/content/bootloaders/3cd9faa5-1675-4640-8304-86e162b60451.md index 6ea2ef3..50ae12a 100644 --- a/bootloaders.io/content/bootloaders/3cd9faa5-1675-4640-8304-86e162b60451.md +++ b/bootloaders.io/content/bootloaders/3cd9faa5-1675-4640-8304-86e162b60451.md 
@@ -22,7 +22,7 @@ This was provided by Debian and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/22f93e6ecea58e543fcffa73f5c466b3.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/22f93e6ecea58e543fcffa73f5c466b3.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/3cd9faa5-1675-4640-8304-86e162b60451.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3cd9faa5-1675-4640-8304-86e162b60451.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/3cddc9bb-dc68-4cd7-aee9-227b47b47966.md b/bootloaders.io/content/bootloaders/3cddc9bb-dc68-4cd7-aee9-227b47b47966.md index 0325cdb..89a5144 100644 --- a/bootloaders.io/content/bootloaders/3cddc9bb-dc68-4cd7-aee9-227b47b47966.md +++ b/bootloaders.io/content/bootloaders/3cddc9bb-dc68-4cd7-aee9-227b47b47966.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/3cddc9bb-dc68-4cd7-aee9-227b47b47966.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3cddc9bb-dc68-4cd7-aee9-227b47b47966.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/3cf4dc5f-5fc3-4a44-b069-bced755a5e5d.md b/bootloaders.io/content/bootloaders/3cf4dc5f-5fc3-4a44-b069-bced755a5e5d.md index b3e4106..aca09ae 100644 --- a/bootloaders.io/content/bootloaders/3cf4dc5f-5fc3-4a44-b069-bced755a5e5d.md +++ b/bootloaders.io/content/bootloaders/3cf4dc5f-5fc3-4a44-b069-bced755a5e5d.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/3cf4dc5f-5fc3-4a44-b069-bced755a5e5d.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3cf4dc5f-5fc3-4a44-b069-bced755a5e5d.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/3d65bba8-925b-4fcc-849e-ddfc0bdf1c49.md b/bootloaders.io/content/bootloaders/3d65bba8-925b-4fcc-849e-ddfc0bdf1c49.md index 6336e92..5fdbee2 100644 --- a/bootloaders.io/content/bootloaders/3d65bba8-925b-4fcc-849e-ddfc0bdf1c49.md +++ b/bootloaders.io/content/bootloaders/3d65bba8-925b-4fcc-849e-ddfc0bdf1c49.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/3d65bba8-925b-4fcc-849e-ddfc0bdf1c49.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3d65bba8-925b-4fcc-849e-ddfc0bdf1c49.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/3dfbbf26-7e19-4d38-9b5a-6e332ba5fc34.md b/bootloaders.io/content/bootloaders/3dfbbf26-7e19-4d38-9b5a-6e332ba5fc34.md index eee63ed..197c24f 100644 --- a/bootloaders.io/content/bootloaders/3dfbbf26-7e19-4d38-9b5a-6e332ba5fc34.md +++ b/bootloaders.io/content/bootloaders/3dfbbf26-7e19-4d38-9b5a-6e332ba5fc34.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/3dfbbf26-7e19-4d38-9b5a-6e332ba5fc34.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3dfbbf26-7e19-4d38-9b5a-6e332ba5fc34.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/3e375fd6-edc4-48ff-801e-cf5d4fef7d2e.md b/bootloaders.io/content/bootloaders/3e375fd6-edc4-48ff-801e-cf5d4fef7d2e.md index 2df4082..27041b5 100644 --- a/bootloaders.io/content/bootloaders/3e375fd6-edc4-48ff-801e-cf5d4fef7d2e.md +++ b/bootloaders.io/content/bootloaders/3e375fd6-edc4-48ff-801e-cf5d4fef7d2e.md 
@@ -22,7 +22,7 @@ This was provided by VMware, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/3e375fd6-edc4-48ff-801e-cf5d4fef7d2e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3e375fd6-edc4-48ff-801e-cf5d4fef7d2e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/3f2c9d56-984f-41b4-a2b2-49bf97e6ef71.md b/bootloaders.io/content/bootloaders/3f2c9d56-984f-41b4-a2b2-49bf97e6ef71.md index 6a5e072..a768cf3 100644 --- a/bootloaders.io/content/bootloaders/3f2c9d56-984f-41b4-a2b2-49bf97e6ef71.md +++ b/bootloaders.io/content/bootloaders/3f2c9d56-984f-41b4-a2b2-49bf97e6ef71.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/3f2c9d56-984f-41b4-a2b2-49bf97e6ef71.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3f2c9d56-984f-41b4-a2b2-49bf97e6ef71.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/3f6b5528-2fd7-427f-967e-e89cd9e77182.md b/bootloaders.io/content/bootloaders/3f6b5528-2fd7-427f-967e-e89cd9e77182.md index 6c9f991..5156831 100644 --- a/bootloaders.io/content/bootloaders/3f6b5528-2fd7-427f-967e-e89cd9e77182.md +++ b/bootloaders.io/content/bootloaders/3f6b5528-2fd7-427f-967e-e89cd9e77182.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/3f6b5528-2fd7-427f-967e-e89cd9e77182.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3f6b5528-2fd7-427f-967e-e89cd9e77182.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/3f7d85db-fd3c-4a8e-a83d-ac9d89dda3d8.md b/bootloaders.io/content/bootloaders/3f7d85db-fd3c-4a8e-a83d-ac9d89dda3d8.md index 5e6ee4c..dc6aacf 100644 --- a/bootloaders.io/content/bootloaders/3f7d85db-fd3c-4a8e-a83d-ac9d89dda3d8.md +++ b/bootloaders.io/content/bootloaders/3f7d85db-fd3c-4a8e-a83d-ac9d89dda3d8.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/3f7d85db-fd3c-4a8e-a83d-ac9d89dda3d8.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3f7d85db-fd3c-4a8e-a83d-ac9d89dda3d8.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/3fd56670-7eb8-406e-af51-68998459de7d.md b/bootloaders.io/content/bootloaders/3fd56670-7eb8-406e-af51-68998459de7d.md index 022e0c6..e5dbc86 100644 --- a/bootloaders.io/content/bootloaders/3fd56670-7eb8-406e-af51-68998459de7d.md +++ b/bootloaders.io/content/bootloaders/3fd56670-7eb8-406e-af51-68998459de7d.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/3fd56670-7eb8-406e-af51-68998459de7d.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3fd56670-7eb8-406e-af51-68998459de7d.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/4002b7f5-487f-4822-a1bd-6fbf1167f00a.md b/bootloaders.io/content/bootloaders/4002b7f5-487f-4822-a1bd-6fbf1167f00a.md index d0b1cca..1854c95 100644 --- a/bootloaders.io/content/bootloaders/4002b7f5-487f-4822-a1bd-6fbf1167f00a.md +++ b/bootloaders.io/content/bootloaders/4002b7f5-487f-4822-a1bd-6fbf1167f00a.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/4002b7f5-487f-4822-a1bd-6fbf1167f00a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4002b7f5-487f-4822-a1bd-6fbf1167f00a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/40519b35-c303-4cb2-aa20-c08545506e08.md b/bootloaders.io/content/bootloaders/40519b35-c303-4cb2-aa20-c08545506e08.md index 01c5c91..213ecd1 100644 --- a/bootloaders.io/content/bootloaders/40519b35-c303-4cb2-aa20-c08545506e08.md +++ b/bootloaders.io/content/bootloaders/40519b35-c303-4cb2-aa20-c08545506e08.md 
@@ -22,7 +22,7 @@ This was provided by Debian and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/c77a847cc9c46de840d61ec8e3453f29.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c77a847cc9c46de840d61ec8e3453f29.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/40519b35-c303-4cb2-aa20-c08545506e08.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/40519b35-c303-4cb2-aa20-c08545506e08.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/406a9495-809e-4065-8c57-b6aa66dc4029.md b/bootloaders.io/content/bootloaders/406a9495-809e-4065-8c57-b6aa66dc4029.md index b90ca61..e39076e 100644 --- a/bootloaders.io/content/bootloaders/406a9495-809e-4065-8c57-b6aa66dc4029.md +++ b/bootloaders.io/content/bootloaders/406a9495-809e-4065-8c57-b6aa66dc4029.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/406a9495-809e-4065-8c57-b6aa66dc4029.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/406a9495-809e-4065-8c57-b6aa66dc4029.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/40f5cc74-badf-47d0-8fd7-021190a05953.md b/bootloaders.io/content/bootloaders/40f5cc74-badf-47d0-8fd7-021190a05953.md index 6c615ef..277d43f 100644 --- a/bootloaders.io/content/bootloaders/40f5cc74-badf-47d0-8fd7-021190a05953.md +++ b/bootloaders.io/content/bootloaders/40f5cc74-badf-47d0-8fd7-021190a05953.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/40f5cc74-badf-47d0-8fd7-021190a05953.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/40f5cc74-badf-47d0-8fd7-021190a05953.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/41327687-8774-4304-bbda-cc7c5835b54b.md b/bootloaders.io/content/bootloaders/41327687-8774-4304-bbda-cc7c5835b54b.md index f493069..424e88b 100644 --- a/bootloaders.io/content/bootloaders/41327687-8774-4304-bbda-cc7c5835b54b.md +++ b/bootloaders.io/content/bootloaders/41327687-8774-4304-bbda-cc7c5835b54b.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/41327687-8774-4304-bbda-cc7c5835b54b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/41327687-8774-4304-bbda-cc7c5835b54b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/42952e7b-6913-40b6-bc44-5eacd9c673a7.md b/bootloaders.io/content/bootloaders/42952e7b-6913-40b6-bc44-5eacd9c673a7.md index 2686634..9ddd5d6 100644 --- a/bootloaders.io/content/bootloaders/42952e7b-6913-40b6-bc44-5eacd9c673a7.md +++ b/bootloaders.io/content/bootloaders/42952e7b-6913-40b6-bc44-5eacd9c673a7.md 
@@ -22,7 +22,7 @@ This was provided by Canonical Ltd and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/42952e7b-6913-40b6-bc44-5eacd9c673a7.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/42952e7b-6913-40b6-bc44-5eacd9c673a7.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/43311ee4-a044-4086-9a53-ae01c3ef7f4f.md b/bootloaders.io/content/bootloaders/43311ee4-a044-4086-9a53-ae01c3ef7f4f.md index 6a7052b..c22bdd4 100644 --- a/bootloaders.io/content/bootloaders/43311ee4-a044-4086-9a53-ae01c3ef7f4f.md +++ b/bootloaders.io/content/bootloaders/43311ee4-a044-4086-9a53-ae01c3ef7f4f.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/8d9e858d7fc95bfcc3690f3bddfac320.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/8d9e858d7fc95bfcc3690f3bddfac320.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/43311ee4-a044-4086-9a53-ae01c3ef7f4f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/43311ee4-a044-4086-9a53-ae01c3ef7f4f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/44560d47-de27-4691-bee4-6306bc160643.md b/bootloaders.io/content/bootloaders/44560d47-de27-4691-bee4-6306bc160643.md index 57cf732..5d2591d 100644 --- a/bootloaders.io/content/bootloaders/44560d47-de27-4691-bee4-6306bc160643.md +++ b/bootloaders.io/content/bootloaders/44560d47-de27-4691-bee4-6306bc160643.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/44560d47-de27-4691-bee4-6306bc160643.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/44560d47-de27-4691-bee4-6306bc160643.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/44795d05-39b3-4605-a58c-cd20de64f934.md b/bootloaders.io/content/bootloaders/44795d05-39b3-4605-a58c-cd20de64f934.md index e6e0b96..dbf2d11 100644 --- a/bootloaders.io/content/bootloaders/44795d05-39b3-4605-a58c-cd20de64f934.md +++ b/bootloaders.io/content/bootloaders/44795d05-39b3-4605-a58c-cd20de64f934.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/44795d05-39b3-4605-a58c-cd20de64f934.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/44795d05-39b3-4605-a58c-cd20de64f934.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/454bb2af-6ee7-483d-8a15-73f2fec386ba.md b/bootloaders.io/content/bootloaders/454bb2af-6ee7-483d-8a15-73f2fec386ba.md index 782586d..8566cc0 100644 --- a/bootloaders.io/content/bootloaders/454bb2af-6ee7-483d-8a15-73f2fec386ba.md +++ b/bootloaders.io/content/bootloaders/454bb2af-6ee7-483d-8a15-73f2fec386ba.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/454bb2af-6ee7-483d-8a15-73f2fec386ba.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/454bb2af-6ee7-483d-8a15-73f2fec386ba.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/45647cc8-3eeb-483b-97c3-170693cfea9a.md b/bootloaders.io/content/bootloaders/45647cc8-3eeb-483b-97c3-170693cfea9a.md index 03bb85e..2aaba00 100644 --- a/bootloaders.io/content/bootloaders/45647cc8-3eeb-483b-97c3-170693cfea9a.md +++ b/bootloaders.io/content/bootloaders/45647cc8-3eeb-483b-97c3-170693cfea9a.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/45647cc8-3eeb-483b-97c3-170693cfea9a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/45647cc8-3eeb-483b-97c3-170693cfea9a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/45ac4276-741b-4e22-92bd-bb97042ed4bb.md b/bootloaders.io/content/bootloaders/45ac4276-741b-4e22-92bd-bb97042ed4bb.md index 80040c9..bd63e04 100644 --- a/bootloaders.io/content/bootloaders/45ac4276-741b-4e22-92bd-bb97042ed4bb.md +++ b/bootloaders.io/content/bootloaders/45ac4276-741b-4e22-92bd-bb97042ed4bb.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/45ac4276-741b-4e22-92bd-bb97042ed4bb.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/45ac4276-741b-4e22-92bd-bb97042ed4bb.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/463dc6a9-273b-448d-b189-ec577fc29317.md b/bootloaders.io/content/bootloaders/463dc6a9-273b-448d-b189-ec577fc29317.md index ac260df..5ea0513 100644 --- a/bootloaders.io/content/bootloaders/463dc6a9-273b-448d-b189-ec577fc29317.md +++ b/bootloaders.io/content/bootloaders/463dc6a9-273b-448d-b189-ec577fc29317.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/463dc6a9-273b-448d-b189-ec577fc29317.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/463dc6a9-273b-448d-b189-ec577fc29317.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/46412487-6c24-4809-8b77-f2165d5a8395.md b/bootloaders.io/content/bootloaders/46412487-6c24-4809-8b77-f2165d5a8395.md index 50007d9..1dad189 100644 --- a/bootloaders.io/content/bootloaders/46412487-6c24-4809-8b77-f2165d5a8395.md +++ b/bootloaders.io/content/bootloaders/46412487-6c24-4809-8b77-f2165d5a8395.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/46412487-6c24-4809-8b77-f2165d5a8395.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/46412487-6c24-4809-8b77-f2165d5a8395.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/465c1250-966d-4d32-b168-3b2c614e17f2.md b/bootloaders.io/content/bootloaders/465c1250-966d-4d32-b168-3b2c614e17f2.md index ebac96e..609e518 100644 --- a/bootloaders.io/content/bootloaders/465c1250-966d-4d32-b168-3b2c614e17f2.md +++ b/bootloaders.io/content/bootloaders/465c1250-966d-4d32-b168-3b2c614e17f2.md 
@@ -22,7 +22,7 @@ This was provided by Canonical Ltd and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/1bdc36814a6f20464e94616f0d98a521.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/1bdc36814a6f20464e94616f0d98a521.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -116,10 +116,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -139,7 +141,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/465c1250-966d-4d32-b168-3b2c614e17f2.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/465c1250-966d-4d32-b168-3b2c614e17f2.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/46629c02-f2d8-440a-bc46-d67ad73ea772.md b/bootloaders.io/content/bootloaders/46629c02-f2d8-440a-bc46-d67ad73ea772.md index d404800..0a1019d 100644 --- a/bootloaders.io/content/bootloaders/46629c02-f2d8-440a-bc46-d67ad73ea772.md +++ b/bootloaders.io/content/bootloaders/46629c02-f2d8-440a-bc46-d67ad73ea772.md 
@@ -22,7 +22,7 @@ This was provided by Intel Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/46629c02-f2d8-440a-bc46-d67ad73ea772.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/46629c02-f2d8-440a-bc46-d67ad73ea772.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/469544ed-d70a-42d6-aca2-690d5ebecb4a.md b/bootloaders.io/content/bootloaders/469544ed-d70a-42d6-aca2-690d5ebecb4a.md index 4e283d3..c7ee401 100644 --- a/bootloaders.io/content/bootloaders/469544ed-d70a-42d6-aca2-690d5ebecb4a.md +++ b/bootloaders.io/content/bootloaders/469544ed-d70a-42d6-aca2-690d5ebecb4a.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/469544ed-d70a-42d6-aca2-690d5ebecb4a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/469544ed-d70a-42d6-aca2-690d5ebecb4a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/46a49cc4-2dcb-4c79-b1d1-2c49f6df0af0.md b/bootloaders.io/content/bootloaders/46a49cc4-2dcb-4c79-b1d1-2c49f6df0af0.md index e461b78..226d9f5 100644 --- a/bootloaders.io/content/bootloaders/46a49cc4-2dcb-4c79-b1d1-2c49f6df0af0.md +++ b/bootloaders.io/content/bootloaders/46a49cc4-2dcb-4c79-b1d1-2c49f6df0af0.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/658f77c25877b5ceb68bc7e046d37ec3.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/658f77c25877b5ceb68bc7e046d37ec3.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/46a49cc4-2dcb-4c79-b1d1-2c49f6df0af0.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/46a49cc4-2dcb-4c79-b1d1-2c49f6df0af0.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/46e2d5a7-6b08-4c8f-b90a-dac8418621e2.md b/bootloaders.io/content/bootloaders/46e2d5a7-6b08-4c8f-b90a-dac8418621e2.md index 936e6c3..37afbb1 100644 --- a/bootloaders.io/content/bootloaders/46e2d5a7-6b08-4c8f-b90a-dac8418621e2.md +++ b/bootloaders.io/content/bootloaders/46e2d5a7-6b08-4c8f-b90a-dac8418621e2.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/087617bd4578c903f0a66bd157217f0f.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/087617bd4578c903f0a66bd157217f0f.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/46e2d5a7-6b08-4c8f-b90a-dac8418621e2.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/46e2d5a7-6b08-4c8f-b90a-dac8418621e2.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/47020b30-de49-4937-9908-9d72b3d153d5.md b/bootloaders.io/content/bootloaders/47020b30-de49-4937-9908-9d72b3d153d5.md index ce52d5d..ab5e55b 100644 --- a/bootloaders.io/content/bootloaders/47020b30-de49-4937-9908-9d72b3d153d5.md +++ b/bootloaders.io/content/bootloaders/47020b30-de49-4937-9908-9d72b3d153d5.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/47020b30-de49-4937-9908-9d72b3d153d5.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/47020b30-de49-4937-9908-9d72b3d153d5.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/4750d526-693a-4831-991f-4ace2cbe92ad.md b/bootloaders.io/content/bootloaders/4750d526-693a-4831-991f-4ace2cbe92ad.md index 7a08fa5..d884644 100644 --- a/bootloaders.io/content/bootloaders/4750d526-693a-4831-991f-4ace2cbe92ad.md +++ b/bootloaders.io/content/bootloaders/4750d526-693a-4831-991f-4ace2cbe92ad.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/4750d526-693a-4831-991f-4ace2cbe92ad.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4750d526-693a-4831-991f-4ace2cbe92ad.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/47601d49-9a7e-4402-b5e3-69bc03788afc.md b/bootloaders.io/content/bootloaders/47601d49-9a7e-4402-b5e3-69bc03788afc.md index 65a025d..d4187aa 100644 --- a/bootloaders.io/content/bootloaders/47601d49-9a7e-4402-b5e3-69bc03788afc.md +++ b/bootloaders.io/content/bootloaders/47601d49-9a7e-4402-b5e3-69bc03788afc.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/47601d49-9a7e-4402-b5e3-69bc03788afc.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/47601d49-9a7e-4402-b5e3-69bc03788afc.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/4814d421-23eb-4222-8cc1-aab6645981fb.md b/bootloaders.io/content/bootloaders/4814d421-23eb-4222-8cc1-aab6645981fb.md index b257331..79f6426 100644 --- a/bootloaders.io/content/bootloaders/4814d421-23eb-4222-8cc1-aab6645981fb.md +++ b/bootloaders.io/content/bootloaders/4814d421-23eb-4222-8cc1-aab6645981fb.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/4814d421-23eb-4222-8cc1-aab6645981fb.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4814d421-23eb-4222-8cc1-aab6645981fb.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/4885e5bd-31eb-4f63-af7f-efff02e753ee.md b/bootloaders.io/content/bootloaders/4885e5bd-31eb-4f63-af7f-efff02e753ee.md index d4ef974..da2bd6d 100644 --- a/bootloaders.io/content/bootloaders/4885e5bd-31eb-4f63-af7f-efff02e753ee.md +++ b/bootloaders.io/content/bootloaders/4885e5bd-31eb-4f63-af7f-efff02e753ee.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/4885e5bd-31eb-4f63-af7f-efff02e753ee.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4885e5bd-31eb-4f63-af7f-efff02e753ee.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/48c8b841-9f1e-4557-ba59-91461142b90f.md b/bootloaders.io/content/bootloaders/48c8b841-9f1e-4557-ba59-91461142b90f.md index c54ef83..1877837 100644 --- a/bootloaders.io/content/bootloaders/48c8b841-9f1e-4557-ba59-91461142b90f.md +++ b/bootloaders.io/content/bootloaders/48c8b841-9f1e-4557-ba59-91461142b90f.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/48c8b841-9f1e-4557-ba59-91461142b90f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/48c8b841-9f1e-4557-ba59-91461142b90f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/48d8feab-a988-4578-a65e-c6ba5f43ffac.md b/bootloaders.io/content/bootloaders/48d8feab-a988-4578-a65e-c6ba5f43ffac.md index d28028d..79a93ec 100644 --- a/bootloaders.io/content/bootloaders/48d8feab-a988-4578-a65e-c6ba5f43ffac.md +++ b/bootloaders.io/content/bootloaders/48d8feab-a988-4578-a65e-c6ba5f43ffac.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/48d8feab-a988-4578-a65e-c6ba5f43ffac.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/48d8feab-a988-4578-a65e-c6ba5f43ffac.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/48eb1fa0-a607-4967-8faf-20dc68913367.md b/bootloaders.io/content/bootloaders/48eb1fa0-a607-4967-8faf-20dc68913367.md index 0fb7ff5..9b041c3 100644 --- a/bootloaders.io/content/bootloaders/48eb1fa0-a607-4967-8faf-20dc68913367.md +++ b/bootloaders.io/content/bootloaders/48eb1fa0-a607-4967-8faf-20dc68913367.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/48eb1fa0-a607-4967-8faf-20dc68913367.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/48eb1fa0-a607-4967-8faf-20dc68913367.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/4936b474-694a-4b6d-b023-1c868be1b2ff.md b/bootloaders.io/content/bootloaders/4936b474-694a-4b6d-b023-1c868be1b2ff.md index 7762950..c57e07a 100644 --- a/bootloaders.io/content/bootloaders/4936b474-694a-4b6d-b023-1c868be1b2ff.md +++ b/bootloaders.io/content/bootloaders/4936b474-694a-4b6d-b023-1c868be1b2ff.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/4936b474-694a-4b6d-b023-1c868be1b2ff.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4936b474-694a-4b6d-b023-1c868be1b2ff.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/495a811b-db1c-41f6-88db-36688933fcec.md b/bootloaders.io/content/bootloaders/495a811b-db1c-41f6-88db-36688933fcec.md index e2b0470..7d38bb4 100644 --- a/bootloaders.io/content/bootloaders/495a811b-db1c-41f6-88db-36688933fcec.md +++ b/bootloaders.io/content/bootloaders/495a811b-db1c-41f6-88db-36688933fcec.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/495a811b-db1c-41f6-88db-36688933fcec.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/495a811b-db1c-41f6-88db-36688933fcec.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/4a9f5a2f-87ca-4a7e-9a16-15d7e8a44c14.md b/bootloaders.io/content/bootloaders/4a9f5a2f-87ca-4a7e-9a16-15d7e8a44c14.md index eb6eee6..462eb44 100644 --- a/bootloaders.io/content/bootloaders/4a9f5a2f-87ca-4a7e-9a16-15d7e8a44c14.md +++ b/bootloaders.io/content/bootloaders/4a9f5a2f-87ca-4a7e-9a16-15d7e8a44c14.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/e2f5112aec3a2bdc5f267c18f8a6c071.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/e2f5112aec3a2bdc5f267c18f8a6c071.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/4a9f5a2f-87ca-4a7e-9a16-15d7e8a44c14.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4a9f5a2f-87ca-4a7e-9a16-15d7e8a44c14.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/4b37df07-e561-4581-977f-6eb984d0afbf.md b/bootloaders.io/content/bootloaders/4b37df07-e561-4581-977f-6eb984d0afbf.md index 970e9f6..dadea2c 100644 --- a/bootloaders.io/content/bootloaders/4b37df07-e561-4581-977f-6eb984d0afbf.md +++ b/bootloaders.io/content/bootloaders/4b37df07-e561-4581-977f-6eb984d0afbf.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/4b37df07-e561-4581-977f-6eb984d0afbf.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4b37df07-e561-4581-977f-6eb984d0afbf.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/4c768cdf-df02-45b1-9342-63389224b997.md b/bootloaders.io/content/bootloaders/4c768cdf-df02-45b1-9342-63389224b997.md index ec2d89a..213894c 100644 --- a/bootloaders.io/content/bootloaders/4c768cdf-df02-45b1-9342-63389224b997.md +++ b/bootloaders.io/content/bootloaders/4c768cdf-df02-45b1-9342-63389224b997.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/4c768cdf-df02-45b1-9342-63389224b997.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4c768cdf-df02-45b1-9342-63389224b997.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/4c9eca9d-f738-4fde-99da-f5f1536910f5.md b/bootloaders.io/content/bootloaders/4c9eca9d-f738-4fde-99da-f5f1536910f5.md index 5799ea0..7806b29 100644 --- a/bootloaders.io/content/bootloaders/4c9eca9d-f738-4fde-99da-f5f1536910f5.md +++ b/bootloaders.io/content/bootloaders/4c9eca9d-f738-4fde-99da-f5f1536910f5.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/4c9eca9d-f738-4fde-99da-f5f1536910f5.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4c9eca9d-f738-4fde-99da-f5f1536910f5.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/4cc6cdc2-6f4e-4b25-b3a2-383174f52460.md b/bootloaders.io/content/bootloaders/4cc6cdc2-6f4e-4b25-b3a2-383174f52460.md index 6a5eb2a..c851445 100644 --- a/bootloaders.io/content/bootloaders/4cc6cdc2-6f4e-4b25-b3a2-383174f52460.md +++ b/bootloaders.io/content/bootloaders/4cc6cdc2-6f4e-4b25-b3a2-383174f52460.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/4cc6cdc2-6f4e-4b25-b3a2-383174f52460.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4cc6cdc2-6f4e-4b25-b3a2-383174f52460.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/4d2c43e5-7a66-4890-93c7-3f9ce734f78e.md b/bootloaders.io/content/bootloaders/4d2c43e5-7a66-4890-93c7-3f9ce734f78e.md index a9dcffc..72e8bda 100644 --- a/bootloaders.io/content/bootloaders/4d2c43e5-7a66-4890-93c7-3f9ce734f78e.md +++ b/bootloaders.io/content/bootloaders/4d2c43e5-7a66-4890-93c7-3f9ce734f78e.md 
@@ -22,7 +22,7 @@ This was provided by Blancco Technology Group and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/22534ca115844f647fd2698572201490.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/22534ca115844f647fd2698572201490.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/4d2c43e5-7a66-4890-93c7-3f9ce734f78e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4d2c43e5-7a66-4890-93c7-3f9ce734f78e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/4d31cfeb-3005-497a-b566-7062066398ab.md b/bootloaders.io/content/bootloaders/4d31cfeb-3005-497a-b566-7062066398ab.md index e1dde01..f18e711 100644 --- a/bootloaders.io/content/bootloaders/4d31cfeb-3005-497a-b566-7062066398ab.md +++ b/bootloaders.io/content/bootloaders/4d31cfeb-3005-497a-b566-7062066398ab.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/02e7a063eae0c4b80a6793fd63bac013.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/02e7a063eae0c4b80a6793fd63bac013.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/4d31cfeb-3005-497a-b566-7062066398ab.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4d31cfeb-3005-497a-b566-7062066398ab.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/4e4ca92c-52eb-4289-a935-f6ec64b79e3a.md b/bootloaders.io/content/bootloaders/4e4ca92c-52eb-4289-a935-f6ec64b79e3a.md index 58193ee..36c22fe 100644 --- a/bootloaders.io/content/bootloaders/4e4ca92c-52eb-4289-a935-f6ec64b79e3a.md +++ b/bootloaders.io/content/bootloaders/4e4ca92c-52eb-4289-a935-f6ec64b79e3a.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/4e4ca92c-52eb-4289-a935-f6ec64b79e3a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4e4ca92c-52eb-4289-a935-f6ec64b79e3a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/4e6a6f59-083f-4829-baa5-0c388a9a7634.md b/bootloaders.io/content/bootloaders/4e6a6f59-083f-4829-baa5-0c388a9a7634.md index dbd3ef4..c16b78c 100644 --- a/bootloaders.io/content/bootloaders/4e6a6f59-083f-4829-baa5-0c388a9a7634.md +++ b/bootloaders.io/content/bootloaders/4e6a6f59-083f-4829-baa5-0c388a9a7634.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/4e6a6f59-083f-4829-baa5-0c388a9a7634.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4e6a6f59-083f-4829-baa5-0c388a9a7634.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/4e70304f-ec00-41a5-b542-69701b5df29b.md b/bootloaders.io/content/bootloaders/4e70304f-ec00-41a5-b542-69701b5df29b.md index c774d83..bda4b1b 100644 --- a/bootloaders.io/content/bootloaders/4e70304f-ec00-41a5-b542-69701b5df29b.md +++ b/bootloaders.io/content/bootloaders/4e70304f-ec00-41a5-b542-69701b5df29b.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/4e70304f-ec00-41a5-b542-69701b5df29b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4e70304f-ec00-41a5-b542-69701b5df29b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/4f2db5df-2730-4e9e-aa70-51029d2540d1.md b/bootloaders.io/content/bootloaders/4f2db5df-2730-4e9e-aa70-51029d2540d1.md index a64615f..4780e49 100644 --- a/bootloaders.io/content/bootloaders/4f2db5df-2730-4e9e-aa70-51029d2540d1.md +++ b/bootloaders.io/content/bootloaders/4f2db5df-2730-4e9e-aa70-51029d2540d1.md 
@@ -22,7 +22,7 @@ This was provided by Intel Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/4f2db5df-2730-4e9e-aa70-51029d2540d1.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4f2db5df-2730-4e9e-aa70-51029d2540d1.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/4f434341-9305-4574-9289-5bd1370108c7.md b/bootloaders.io/content/bootloaders/4f434341-9305-4574-9289-5bd1370108c7.md index d628ce1..37666c2 100644 --- a/bootloaders.io/content/bootloaders/4f434341-9305-4574-9289-5bd1370108c7.md +++ b/bootloaders.io/content/bootloaders/4f434341-9305-4574-9289-5bd1370108c7.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/4f434341-9305-4574-9289-5bd1370108c7.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4f434341-9305-4574-9289-5bd1370108c7.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/4feb177a-ce68-4853-9874-5b834a0b9cb6.md b/bootloaders.io/content/bootloaders/4feb177a-ce68-4853-9874-5b834a0b9cb6.md index b84c660..b2e2582 100644 --- a/bootloaders.io/content/bootloaders/4feb177a-ce68-4853-9874-5b834a0b9cb6.md +++ b/bootloaders.io/content/bootloaders/4feb177a-ce68-4853-9874-5b834a0b9cb6.md 
@@ -22,7 +22,7 @@ This was provided by Oracle America, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/4feb177a-ce68-4853-9874-5b834a0b9cb6.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4feb177a-ce68-4853-9874-5b834a0b9cb6.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/513ff7cf-418a-4405-9020-8044f5ce24cd.md b/bootloaders.io/content/bootloaders/513ff7cf-418a-4405-9020-8044f5ce24cd.md index ba895e5..d0ad2a0 100644 --- a/bootloaders.io/content/bootloaders/513ff7cf-418a-4405-9020-8044f5ce24cd.md +++ b/bootloaders.io/content/bootloaders/513ff7cf-418a-4405-9020-8044f5ce24cd.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/513ff7cf-418a-4405-9020-8044f5ce24cd.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/513ff7cf-418a-4405-9020-8044f5ce24cd.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/518b78e7-eeb3-43b0-a377-acfa0e831ce0.md b/bootloaders.io/content/bootloaders/518b78e7-eeb3-43b0-a377-acfa0e831ce0.md index dc9b771..802a71c 100644 --- a/bootloaders.io/content/bootloaders/518b78e7-eeb3-43b0-a377-acfa0e831ce0.md +++ b/bootloaders.io/content/bootloaders/518b78e7-eeb3-43b0-a377-acfa0e831ce0.md 
@@ -22,7 +22,7 @@ This was provided by Intel Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/518b78e7-eeb3-43b0-a377-acfa0e831ce0.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/518b78e7-eeb3-43b0-a377-acfa0e831ce0.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/51d3afbe-d378-492d-86fc-3afcf9396417.md b/bootloaders.io/content/bootloaders/51d3afbe-d378-492d-86fc-3afcf9396417.md index ab9a0e1..063da69 100644 --- a/bootloaders.io/content/bootloaders/51d3afbe-d378-492d-86fc-3afcf9396417.md +++ b/bootloaders.io/content/bootloaders/51d3afbe-d378-492d-86fc-3afcf9396417.md 
@@ -22,7 +22,7 @@ This was provided by Now Computing LLC and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/51d3afbe-d378-492d-86fc-3afcf9396417.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/51d3afbe-d378-492d-86fc-3afcf9396417.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/51f20c00-6e15-4b45-852a-8f62e6f55436.md b/bootloaders.io/content/bootloaders/51f20c00-6e15-4b45-852a-8f62e6f55436.md index 82dbfb3..eddb11a 100644 --- a/bootloaders.io/content/bootloaders/51f20c00-6e15-4b45-852a-8f62e6f55436.md +++ b/bootloaders.io/content/bootloaders/51f20c00-6e15-4b45-852a-8f62e6f55436.md 
@@ -22,7 +22,7 @@ This was provided by Canonical Ltd and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/51f20c00-6e15-4b45-852a-8f62e6f55436.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/51f20c00-6e15-4b45-852a-8f62e6f55436.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/52a629bd-deb4-4e92-aa7c-3e4c301a086a.md b/bootloaders.io/content/bootloaders/52a629bd-deb4-4e92-aa7c-3e4c301a086a.md index b926fe6..c2b8bb5 100644 --- a/bootloaders.io/content/bootloaders/52a629bd-deb4-4e92-aa7c-3e4c301a086a.md +++ b/bootloaders.io/content/bootloaders/52a629bd-deb4-4e92-aa7c-3e4c301a086a.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/ec46eab41a4c2ffd8c352d6e0dea430b.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/ec46eab41a4c2ffd8c352d6e0dea430b.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/52a629bd-deb4-4e92-aa7c-3e4c301a086a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/52a629bd-deb4-4e92-aa7c-3e4c301a086a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/52d2d179-addb-4556-a244-d085e0aefad2.md b/bootloaders.io/content/bootloaders/52d2d179-addb-4556-a244-d085e0aefad2.md index feb6239..f4cb789 100644 --- a/bootloaders.io/content/bootloaders/52d2d179-addb-4556-a244-d085e0aefad2.md +++ b/bootloaders.io/content/bootloaders/52d2d179-addb-4556-a244-d085e0aefad2.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/52d2d179-addb-4556-a244-d085e0aefad2.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/52d2d179-addb-4556-a244-d085e0aefad2.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/52f8c789-bc20-45cd-a1b6-8a564b18fff6.md b/bootloaders.io/content/bootloaders/52f8c789-bc20-45cd-a1b6-8a564b18fff6.md index 81af44e..e93592c 100644 --- a/bootloaders.io/content/bootloaders/52f8c789-bc20-45cd-a1b6-8a564b18fff6.md +++ b/bootloaders.io/content/bootloaders/52f8c789-bc20-45cd-a1b6-8a564b18fff6.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/6d83b980fd7541fbe793a891b95d5621.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/6d83b980fd7541fbe793a891b95d5621.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/52f8c789-bc20-45cd-a1b6-8a564b18fff6.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/52f8c789-bc20-45cd-a1b6-8a564b18fff6.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/530ab1a9-d9a6-4f01-986a-5b69c99400b4.md b/bootloaders.io/content/bootloaders/530ab1a9-d9a6-4f01-986a-5b69c99400b4.md index 2e4c0b6..7dc9f58 100644 --- a/bootloaders.io/content/bootloaders/530ab1a9-d9a6-4f01-986a-5b69c99400b4.md +++ b/bootloaders.io/content/bootloaders/530ab1a9-d9a6-4f01-986a-5b69c99400b4.md 
@@ -22,7 +22,7 @@ This was provided by CPSD and revoked Aug-22 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/530ab1a9-d9a6-4f01-986a-5b69c99400b4.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/530ab1a9-d9a6-4f01-986a-5b69c99400b4.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3.md b/bootloaders.io/content/bootloaders/536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3.md index ef653da..ddf5d34 100644 --- a/bootloaders.io/content/bootloaders/536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3.md +++ b/bootloaders.io/content/bootloaders/536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3.md 
@@ -22,7 +22,7 @@ This was provided by Oracle Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/5466b767-bb4f-4044-a72c-1a7aab0d1d4f.md b/bootloaders.io/content/bootloaders/5466b767-bb4f-4044-a72c-1a7aab0d1d4f.md index 8a61fc4..ae3e894 100644 --- a/bootloaders.io/content/bootloaders/5466b767-bb4f-4044-a72c-1a7aab0d1d4f.md +++ b/bootloaders.io/content/bootloaders/5466b767-bb4f-4044-a72c-1a7aab0d1d4f.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/5466b767-bb4f-4044-a72c-1a7aab0d1d4f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5466b767-bb4f-4044-a72c-1a7aab0d1d4f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/54a6f135-0fba-459b-8749-4a0764d690c1.md b/bootloaders.io/content/bootloaders/54a6f135-0fba-459b-8749-4a0764d690c1.md index 9446308..82d8e38 100644 --- a/bootloaders.io/content/bootloaders/54a6f135-0fba-459b-8749-4a0764d690c1.md +++ b/bootloaders.io/content/bootloaders/54a6f135-0fba-459b-8749-4a0764d690c1.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/54a6f135-0fba-459b-8749-4a0764d690c1.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/54a6f135-0fba-459b-8749-4a0764d690c1.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/55b45543-5130-4632-b2a9-12f11c8da501.md b/bootloaders.io/content/bootloaders/55b45543-5130-4632-b2a9-12f11c8da501.md index 95b3cff..0a3f5d7 100644 --- a/bootloaders.io/content/bootloaders/55b45543-5130-4632-b2a9-12f11c8da501.md +++ b/bootloaders.io/content/bootloaders/55b45543-5130-4632-b2a9-12f11c8da501.md 
@@ -22,7 +22,7 @@ This was provided by HP and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/55b45543-5130-4632-b2a9-12f11c8da501.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/55b45543-5130-4632-b2a9-12f11c8da501.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/568b07e2-3499-46e8-928a-843aff3217f5.md b/bootloaders.io/content/bootloaders/568b07e2-3499-46e8-928a-843aff3217f5.md index 3784fe5..a934385 100644 --- a/bootloaders.io/content/bootloaders/568b07e2-3499-46e8-928a-843aff3217f5.md +++ b/bootloaders.io/content/bootloaders/568b07e2-3499-46e8-928a-843aff3217f5.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/9a3221899f456225679f8e54739100ac.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/9a3221899f456225679f8e54739100ac.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/568b07e2-3499-46e8-928a-843aff3217f5.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/568b07e2-3499-46e8-928a-843aff3217f5.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/57416bf8-a14e-42bb-b668-d424222ffcdd.md b/bootloaders.io/content/bootloaders/57416bf8-a14e-42bb-b668-d424222ffcdd.md index 2f18d89..4b823b0 100644 --- a/bootloaders.io/content/bootloaders/57416bf8-a14e-42bb-b668-d424222ffcdd.md +++ b/bootloaders.io/content/bootloaders/57416bf8-a14e-42bb-b668-d424222ffcdd.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/57416bf8-a14e-42bb-b668-d424222ffcdd.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/57416bf8-a14e-42bb-b668-d424222ffcdd.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/57a68cb9-ec2e-4a8b-881b-62a8da44a03b.md b/bootloaders.io/content/bootloaders/57a68cb9-ec2e-4a8b-881b-62a8da44a03b.md index 227d70f..9fb5eb6 100644 --- a/bootloaders.io/content/bootloaders/57a68cb9-ec2e-4a8b-881b-62a8da44a03b.md +++ b/bootloaders.io/content/bootloaders/57a68cb9-ec2e-4a8b-881b-62a8da44a03b.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/57a68cb9-ec2e-4a8b-881b-62a8da44a03b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/57a68cb9-ec2e-4a8b-881b-62a8da44a03b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/57f3ded8-3e38-4146-88ad-92ae83c627d5.md b/bootloaders.io/content/bootloaders/57f3ded8-3e38-4146-88ad-92ae83c627d5.md index cae4b0b..18d650c 100644 --- a/bootloaders.io/content/bootloaders/57f3ded8-3e38-4146-88ad-92ae83c627d5.md +++ b/bootloaders.io/content/bootloaders/57f3ded8-3e38-4146-88ad-92ae83c627d5.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/57f3ded8-3e38-4146-88ad-92ae83c627d5.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/57f3ded8-3e38-4146-88ad-92ae83c627d5.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/58907c65-5be5-4821-9c87-8d27b5a8840d.md b/bootloaders.io/content/bootloaders/58907c65-5be5-4821-9c87-8d27b5a8840d.md index 9c53290..abcddac 100644 --- a/bootloaders.io/content/bootloaders/58907c65-5be5-4821-9c87-8d27b5a8840d.md +++ b/bootloaders.io/content/bootloaders/58907c65-5be5-4821-9c87-8d27b5a8840d.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/58907c65-5be5-4821-9c87-8d27b5a8840d.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/58907c65-5be5-4821-9c87-8d27b5a8840d.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/5891ca2a-61e6-4938-942b-bfcc61dcb929.md b/bootloaders.io/content/bootloaders/5891ca2a-61e6-4938-942b-bfcc61dcb929.md index 444b770..241624b 100644 --- a/bootloaders.io/content/bootloaders/5891ca2a-61e6-4938-942b-bfcc61dcb929.md +++ b/bootloaders.io/content/bootloaders/5891ca2a-61e6-4938-942b-bfcc61dcb929.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/5891ca2a-61e6-4938-942b-bfcc61dcb929.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5891ca2a-61e6-4938-942b-bfcc61dcb929.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/58c24252-f076-486b-90fb-5a1c7b922efa.md b/bootloaders.io/content/bootloaders/58c24252-f076-486b-90fb-5a1c7b922efa.md index 2775d2f..b53dd62 100644 --- a/bootloaders.io/content/bootloaders/58c24252-f076-486b-90fb-5a1c7b922efa.md +++ b/bootloaders.io/content/bootloaders/58c24252-f076-486b-90fb-5a1c7b922efa.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/58c24252-f076-486b-90fb-5a1c7b922efa.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/58c24252-f076-486b-90fb-5a1c7b922efa.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/59605f2c-5575-464b-aacc-af09e949f153.md b/bootloaders.io/content/bootloaders/59605f2c-5575-464b-aacc-af09e949f153.md index a8d6bb9..137759b 100644 --- a/bootloaders.io/content/bootloaders/59605f2c-5575-464b-aacc-af09e949f153.md +++ b/bootloaders.io/content/bootloaders/59605f2c-5575-464b-aacc-af09e949f153.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/59605f2c-5575-464b-aacc-af09e949f153.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/59605f2c-5575-464b-aacc-af09e949f153.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/59b5e207-bca6-4425-b392-2fd0ed44935e.md b/bootloaders.io/content/bootloaders/59b5e207-bca6-4425-b392-2fd0ed44935e.md index 9c45c9f..d82b74a 100644 --- a/bootloaders.io/content/bootloaders/59b5e207-bca6-4425-b392-2fd0ed44935e.md +++ b/bootloaders.io/content/bootloaders/59b5e207-bca6-4425-b392-2fd0ed44935e.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/59b5e207-bca6-4425-b392-2fd0ed44935e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/59b5e207-bca6-4425-b392-2fd0ed44935e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/59b7d19b-fb7b-4641-b158-0d2f498e375d.md b/bootloaders.io/content/bootloaders/59b7d19b-fb7b-4641-b158-0d2f498e375d.md index 6cce81f..098b2eb 100644 --- a/bootloaders.io/content/bootloaders/59b7d19b-fb7b-4641-b158-0d2f498e375d.md +++ b/bootloaders.io/content/bootloaders/59b7d19b-fb7b-4641-b158-0d2f498e375d.md 
@@ -22,7 +22,7 @@ This was provided by Alt Linux LTD and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/aed4e671b03d6e093a423c7593d423c0.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/aed4e671b03d6e093a423c7593d423c0.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/59b7d19b-fb7b-4641-b158-0d2f498e375d.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/59b7d19b-fb7b-4641-b158-0d2f498e375d.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/5a1e393f-1595-4e4e-993e-7097a184ce42.md b/bootloaders.io/content/bootloaders/5a1e393f-1595-4e4e-993e-7097a184ce42.md index 88f6b39..0ad29b9 100644 --- a/bootloaders.io/content/bootloaders/5a1e393f-1595-4e4e-993e-7097a184ce42.md +++ b/bootloaders.io/content/bootloaders/5a1e393f-1595-4e4e-993e-7097a184ce42.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/5a1e393f-1595-4e4e-993e-7097a184ce42.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5a1e393f-1595-4e4e-993e-7097a184ce42.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/5abbd1d8-5850-4e54-9375-6a9639a8db58.md b/bootloaders.io/content/bootloaders/5abbd1d8-5850-4e54-9375-6a9639a8db58.md index 04bb25e..8dd6ed5 100644 --- a/bootloaders.io/content/bootloaders/5abbd1d8-5850-4e54-9375-6a9639a8db58.md +++ b/bootloaders.io/content/bootloaders/5abbd1d8-5850-4e54-9375-6a9639a8db58.md 
@@ -22,7 +22,7 @@ This was provided by TrueCrypt Foundation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/5abbd1d8-5850-4e54-9375-6a9639a8db58.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5abbd1d8-5850-4e54-9375-6a9639a8db58.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/5b0c97fd-1a72-4f30-af67-1f398fef3675.md b/bootloaders.io/content/bootloaders/5b0c97fd-1a72-4f30-af67-1f398fef3675.md index 0073fd0..e16dd7e 100644 --- a/bootloaders.io/content/bootloaders/5b0c97fd-1a72-4f30-af67-1f398fef3675.md +++ b/bootloaders.io/content/bootloaders/5b0c97fd-1a72-4f30-af67-1f398fef3675.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/5b0c97fd-1a72-4f30-af67-1f398fef3675.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5b0c97fd-1a72-4f30-af67-1f398fef3675.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/5cab3a24-4bf3-427a-887e-92ec2ed8f1a7.md b/bootloaders.io/content/bootloaders/5cab3a24-4bf3-427a-887e-92ec2ed8f1a7.md index d03e37d..4b48e94 100644 --- a/bootloaders.io/content/bootloaders/5cab3a24-4bf3-427a-887e-92ec2ed8f1a7.md +++ b/bootloaders.io/content/bootloaders/5cab3a24-4bf3-427a-887e-92ec2ed8f1a7.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/cd78242cb85f016a3ea62002c8f07c0d.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/cd78242cb85f016a3ea62002c8f07c0d.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/5cab3a24-4bf3-427a-887e-92ec2ed8f1a7.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5cab3a24-4bf3-427a-887e-92ec2ed8f1a7.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/5cb571f7-050a-40db-a196-9ad7cd8afed6.md b/bootloaders.io/content/bootloaders/5cb571f7-050a-40db-a196-9ad7cd8afed6.md index 192c9ba..e28ab11 100644 --- a/bootloaders.io/content/bootloaders/5cb571f7-050a-40db-a196-9ad7cd8afed6.md +++ b/bootloaders.io/content/bootloaders/5cb571f7-050a-40db-a196-9ad7cd8afed6.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/5cb571f7-050a-40db-a196-9ad7cd8afed6.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5cb571f7-050a-40db-a196-9ad7cd8afed6.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/5d92da13-8976-4b19-871d-a9266e342121.md b/bootloaders.io/content/bootloaders/5d92da13-8976-4b19-871d-a9266e342121.md index ec2f278..16619fb 100644 --- a/bootloaders.io/content/bootloaders/5d92da13-8976-4b19-871d-a9266e342121.md +++ b/bootloaders.io/content/bootloaders/5d92da13-8976-4b19-871d-a9266e342121.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/5d92da13-8976-4b19-871d-a9266e342121.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5d92da13-8976-4b19-871d-a9266e342121.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/5df619c2-4db7-43f4-95b6-a2e16ebf847f.md b/bootloaders.io/content/bootloaders/5df619c2-4db7-43f4-95b6-a2e16ebf847f.md index a9ebb1f..d8a9ca9 100644 --- a/bootloaders.io/content/bootloaders/5df619c2-4db7-43f4-95b6-a2e16ebf847f.md +++ b/bootloaders.io/content/bootloaders/5df619c2-4db7-43f4-95b6-a2e16ebf847f.md 
@@ -22,7 +22,7 @@ This was provided by Alt Linux LTD and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/5df619c2-4db7-43f4-95b6-a2e16ebf847f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5df619c2-4db7-43f4-95b6-a2e16ebf847f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/5ea7cfb0-5f73-4d02-925e-8161b423fa88.md b/bootloaders.io/content/bootloaders/5ea7cfb0-5f73-4d02-925e-8161b423fa88.md index 967b8c6..7ae893c 100644 --- a/bootloaders.io/content/bootloaders/5ea7cfb0-5f73-4d02-925e-8161b423fa88.md +++ b/bootloaders.io/content/bootloaders/5ea7cfb0-5f73-4d02-925e-8161b423fa88.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/5ea7cfb0-5f73-4d02-925e-8161b423fa88.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5ea7cfb0-5f73-4d02-925e-8161b423fa88.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/5ef6ea24-838e-4df6-b00d-3deb0ec3fa33.md b/bootloaders.io/content/bootloaders/5ef6ea24-838e-4df6-b00d-3deb0ec3fa33.md index b2029ea..d3aa076 100644 --- a/bootloaders.io/content/bootloaders/5ef6ea24-838e-4df6-b00d-3deb0ec3fa33.md +++ b/bootloaders.io/content/bootloaders/5ef6ea24-838e-4df6-b00d-3deb0ec3fa33.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/5ef6ea24-838e-4df6-b00d-3deb0ec3fa33.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5ef6ea24-838e-4df6-b00d-3deb0ec3fa33.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/5efb08ce-213c-49be-8c2b-0ae849f64b3c.md b/bootloaders.io/content/bootloaders/5efb08ce-213c-49be-8c2b-0ae849f64b3c.md index f68e41b..30ede87 100644 --- a/bootloaders.io/content/bootloaders/5efb08ce-213c-49be-8c2b-0ae849f64b3c.md +++ b/bootloaders.io/content/bootloaders/5efb08ce-213c-49be-8c2b-0ae849f64b3c.md 
@@ -22,7 +22,7 @@ This was provided by Miray Software AG and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/077432d8b1ae0ceea719297360357320.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/077432d8b1ae0ceea719297360357320.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/5efb08ce-213c-49be-8c2b-0ae849f64b3c.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5efb08ce-213c-49be-8c2b-0ae849f64b3c.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/5f398d53-d42c-4c4c-acc2-b3766bf08b97.md b/bootloaders.io/content/bootloaders/5f398d53-d42c-4c4c-acc2-b3766bf08b97.md index ec3d043..6e7f763 100644 --- a/bootloaders.io/content/bootloaders/5f398d53-d42c-4c4c-acc2-b3766bf08b97.md +++ b/bootloaders.io/content/bootloaders/5f398d53-d42c-4c4c-acc2-b3766bf08b97.md 
@@ -22,7 +22,7 @@ This was provided by Canonical and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/4a7dcdd069fcdf8d7319ea5e135403fb.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/4a7dcdd069fcdf8d7319ea5e135403fb.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -116,10 +116,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -139,7 +141,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/5f398d53-d42c-4c4c-acc2-b3766bf08b97.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5f398d53-d42c-4c4c-acc2-b3766bf08b97.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/60383f5c-6dcc-4df4-aad0-510733820a1b.md b/bootloaders.io/content/bootloaders/60383f5c-6dcc-4df4-aad0-510733820a1b.md index 1911d6a..b9570da 100644 --- a/bootloaders.io/content/bootloaders/60383f5c-6dcc-4df4-aad0-510733820a1b.md +++ b/bootloaders.io/content/bootloaders/60383f5c-6dcc-4df4-aad0-510733820a1b.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/69b63c494c676d3a1013a775b18568e8.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/69b63c494c676d3a1013a775b18568e8.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/60383f5c-6dcc-4df4-aad0-510733820a1b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/60383f5c-6dcc-4df4-aad0-510733820a1b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/60aaedd4-4eb0-485b-a534-82645695a185.md b/bootloaders.io/content/bootloaders/60aaedd4-4eb0-485b-a534-82645695a185.md index 1bded05..1cc07f8 100644 --- a/bootloaders.io/content/bootloaders/60aaedd4-4eb0-485b-a534-82645695a185.md +++ b/bootloaders.io/content/bootloaders/60aaedd4-4eb0-485b-a534-82645695a185.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/60aaedd4-4eb0-485b-a534-82645695a185.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/60aaedd4-4eb0-485b-a534-82645695a185.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/61d9e3c8-8cc0-4c53-b886-e6e2e676f475.md b/bootloaders.io/content/bootloaders/61d9e3c8-8cc0-4c53-b886-e6e2e676f475.md index a35211d..6e0afba 100644 --- a/bootloaders.io/content/bootloaders/61d9e3c8-8cc0-4c53-b886-e6e2e676f475.md +++ b/bootloaders.io/content/bootloaders/61d9e3c8-8cc0-4c53-b886-e6e2e676f475.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/61d9e3c8-8cc0-4c53-b886-e6e2e676f475.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/61d9e3c8-8cc0-4c53-b886-e6e2e676f475.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/61dad3bb-db5d-497c-8aca-74ae55991a3b.md b/bootloaders.io/content/bootloaders/61dad3bb-db5d-497c-8aca-74ae55991a3b.md index 4d82b25..f714453 100644 --- a/bootloaders.io/content/bootloaders/61dad3bb-db5d-497c-8aca-74ae55991a3b.md +++ b/bootloaders.io/content/bootloaders/61dad3bb-db5d-497c-8aca-74ae55991a3b.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/3560dd8322a15d0e23d3747e32a04ebc.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/3560dd8322a15d0e23d3747e32a04ebc.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/61dad3bb-db5d-497c-8aca-74ae55991a3b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/61dad3bb-db5d-497c-8aca-74ae55991a3b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/635f3ff1-ab0a-468c-b6a3-6a8aa39301d5.md b/bootloaders.io/content/bootloaders/635f3ff1-ab0a-468c-b6a3-6a8aa39301d5.md index 380ebb0..c479dd3 100644 --- a/bootloaders.io/content/bootloaders/635f3ff1-ab0a-468c-b6a3-6a8aa39301d5.md +++ b/bootloaders.io/content/bootloaders/635f3ff1-ab0a-468c-b6a3-6a8aa39301d5.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/83e596b8944ed413e5bbc0c51c0b64c6.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/83e596b8944ed413e5bbc0c51c0b64c6.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/635f3ff1-ab0a-468c-b6a3-6a8aa39301d5.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/635f3ff1-ab0a-468c-b6a3-6a8aa39301d5.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/63cbc1a5-3884-4049-ad87-f32f77644986.md b/bootloaders.io/content/bootloaders/63cbc1a5-3884-4049-ad87-f32f77644986.md index d49e156..e1a8994 100644 --- a/bootloaders.io/content/bootloaders/63cbc1a5-3884-4049-ad87-f32f77644986.md +++ b/bootloaders.io/content/bootloaders/63cbc1a5-3884-4049-ad87-f32f77644986.md 
@@ -22,7 +22,7 @@ This was provided by Debian and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/8572a7c437a9bc92225906ce5fc04497.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/8572a7c437a9bc92225906ce5fc04497.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/63cbc1a5-3884-4049-ad87-f32f77644986.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/63cbc1a5-3884-4049-ad87-f32f77644986.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/63cf9ba5-5aec-4ed7-9f58-97d1eff8aa0f.md b/bootloaders.io/content/bootloaders/63cf9ba5-5aec-4ed7-9f58-97d1eff8aa0f.md index 6c8f894..8b060cc 100644 --- a/bootloaders.io/content/bootloaders/63cf9ba5-5aec-4ed7-9f58-97d1eff8aa0f.md +++ b/bootloaders.io/content/bootloaders/63cf9ba5-5aec-4ed7-9f58-97d1eff8aa0f.md 
@@ -22,7 +22,7 @@ This was provided by TeraByte Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/63cf9ba5-5aec-4ed7-9f58-97d1eff8aa0f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/63cf9ba5-5aec-4ed7-9f58-97d1eff8aa0f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/64508479-d4fc-4415-b202-d787a4d094e6.md b/bootloaders.io/content/bootloaders/64508479-d4fc-4415-b202-d787a4d094e6.md index b4892d2..257237c 100644 --- a/bootloaders.io/content/bootloaders/64508479-d4fc-4415-b202-d787a4d094e6.md +++ b/bootloaders.io/content/bootloaders/64508479-d4fc-4415-b202-d787a4d094e6.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/64508479-d4fc-4415-b202-d787a4d094e6.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/64508479-d4fc-4415-b202-d787a4d094e6.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/64c9ea42-80a1-425d-ae59-d9ee4eadf4ba.md b/bootloaders.io/content/bootloaders/64c9ea42-80a1-425d-ae59-d9ee4eadf4ba.md index cdc4271..536ac14 100644 --- a/bootloaders.io/content/bootloaders/64c9ea42-80a1-425d-ae59-d9ee4eadf4ba.md +++ b/bootloaders.io/content/bootloaders/64c9ea42-80a1-425d-ae59-d9ee4eadf4ba.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/64c9ea42-80a1-425d-ae59-d9ee4eadf4ba.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/64c9ea42-80a1-425d-ae59-d9ee4eadf4ba.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/66314d3b-bec0-4042-94f3-2744b5a337ee.md b/bootloaders.io/content/bootloaders/66314d3b-bec0-4042-94f3-2744b5a337ee.md index a1d3e83..7133c74 100644 --- a/bootloaders.io/content/bootloaders/66314d3b-bec0-4042-94f3-2744b5a337ee.md +++ b/bootloaders.io/content/bootloaders/66314d3b-bec0-4042-94f3-2744b5a337ee.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/e7ae8ab50eae0f2730780d6e87a165cc.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/e7ae8ab50eae0f2730780d6e87a165cc.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/66314d3b-bec0-4042-94f3-2744b5a337ee.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/66314d3b-bec0-4042-94f3-2744b5a337ee.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/663a9b38-509f-4a27-b2b8-13801ce4ee89.md b/bootloaders.io/content/bootloaders/663a9b38-509f-4a27-b2b8-13801ce4ee89.md index 15e62c6..4abf96b 100644 --- a/bootloaders.io/content/bootloaders/663a9b38-509f-4a27-b2b8-13801ce4ee89.md +++ b/bootloaders.io/content/bootloaders/663a9b38-509f-4a27-b2b8-13801ce4ee89.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/663a9b38-509f-4a27-b2b8-13801ce4ee89.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/663a9b38-509f-4a27-b2b8-13801ce4ee89.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/66d407b1-5e65-4314-89c3-cc6dd5c10d59.md b/bootloaders.io/content/bootloaders/66d407b1-5e65-4314-89c3-cc6dd5c10d59.md index 06a813f..a2a3134 100644 --- a/bootloaders.io/content/bootloaders/66d407b1-5e65-4314-89c3-cc6dd5c10d59.md +++ b/bootloaders.io/content/bootloaders/66d407b1-5e65-4314-89c3-cc6dd5c10d59.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/66d407b1-5e65-4314-89c3-cc6dd5c10d59.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/66d407b1-5e65-4314-89c3-cc6dd5c10d59.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/66da17c5-7c1b-43c3-8520-4d3efea91899.md b/bootloaders.io/content/bootloaders/66da17c5-7c1b-43c3-8520-4d3efea91899.md index 2ce6418..ce77df3 100644 --- a/bootloaders.io/content/bootloaders/66da17c5-7c1b-43c3-8520-4d3efea91899.md +++ b/bootloaders.io/content/bootloaders/66da17c5-7c1b-43c3-8520-4d3efea91899.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/5624304dd2172b7edb81741a5e7d2d06.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/5624304dd2172b7edb81741a5e7d2d06.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/66da17c5-7c1b-43c3-8520-4d3efea91899.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/66da17c5-7c1b-43c3-8520-4d3efea91899.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/670b1089-ea21-40d1-ac0a-1dc0adeb7b05.md b/bootloaders.io/content/bootloaders/670b1089-ea21-40d1-ac0a-1dc0adeb7b05.md index 0cd7dc0..06cd16d 100644 --- a/bootloaders.io/content/bootloaders/670b1089-ea21-40d1-ac0a-1dc0adeb7b05.md +++ b/bootloaders.io/content/bootloaders/670b1089-ea21-40d1-ac0a-1dc0adeb7b05.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/670b1089-ea21-40d1-ac0a-1dc0adeb7b05.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/670b1089-ea21-40d1-ac0a-1dc0adeb7b05.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/67ae7723-5130-48c6-b24b-22a876c9c2c0.md b/bootloaders.io/content/bootloaders/67ae7723-5130-48c6-b24b-22a876c9c2c0.md index 43b53c0..4401df9 100644 --- a/bootloaders.io/content/bootloaders/67ae7723-5130-48c6-b24b-22a876c9c2c0.md +++ b/bootloaders.io/content/bootloaders/67ae7723-5130-48c6-b24b-22a876c9c2c0.md 
@@ -22,7 +22,7 @@ This was provided by Canonical Ltd and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/67ae7723-5130-48c6-b24b-22a876c9c2c0.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/67ae7723-5130-48c6-b24b-22a876c9c2c0.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/68bce846-d710-4c06-a74c-bdf24a87157b.md b/bootloaders.io/content/bootloaders/68bce846-d710-4c06-a74c-bdf24a87157b.md index 2c3b9bf..951d8f3 100644 --- a/bootloaders.io/content/bootloaders/68bce846-d710-4c06-a74c-bdf24a87157b.md +++ b/bootloaders.io/content/bootloaders/68bce846-d710-4c06-a74c-bdf24a87157b.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/11ca417bc767273a9de7b1355cb2908e.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/11ca417bc767273a9de7b1355cb2908e.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/68bce846-d710-4c06-a74c-bdf24a87157b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/68bce846-d710-4c06-a74c-bdf24a87157b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/696a399a-9f49-485d-9753-63edd677f144.md b/bootloaders.io/content/bootloaders/696a399a-9f49-485d-9753-63edd677f144.md index f990793..6eff6c9 100644 --- a/bootloaders.io/content/bootloaders/696a399a-9f49-485d-9753-63edd677f144.md +++ b/bootloaders.io/content/bootloaders/696a399a-9f49-485d-9753-63edd677f144.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/696a399a-9f49-485d-9753-63edd677f144.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/696a399a-9f49-485d-9753-63edd677f144.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/6a65ed03-95af-404a-8ac0-95fa8ac8eb99.md b/bootloaders.io/content/bootloaders/6a65ed03-95af-404a-8ac0-95fa8ac8eb99.md index 5f43654..0f2cde8 100644 --- a/bootloaders.io/content/bootloaders/6a65ed03-95af-404a-8ac0-95fa8ac8eb99.md +++ b/bootloaders.io/content/bootloaders/6a65ed03-95af-404a-8ac0-95fa8ac8eb99.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/6a65ed03-95af-404a-8ac0-95fa8ac8eb99.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/6a65ed03-95af-404a-8ac0-95fa8ac8eb99.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/6e1223b2-5193-4ba9-b9b5-b09c45dd4286.md b/bootloaders.io/content/bootloaders/6e1223b2-5193-4ba9-b9b5-b09c45dd4286.md index 34a22f3..35b4eb6 100644 --- a/bootloaders.io/content/bootloaders/6e1223b2-5193-4ba9-b9b5-b09c45dd4286.md +++ b/bootloaders.io/content/bootloaders/6e1223b2-5193-4ba9-b9b5-b09c45dd4286.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/6e1223b2-5193-4ba9-b9b5-b09c45dd4286.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/6e1223b2-5193-4ba9-b9b5-b09c45dd4286.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/6ea89297-74dd-4581-b268-475a282c9592.md b/bootloaders.io/content/bootloaders/6ea89297-74dd-4581-b268-475a282c9592.md index f090513..86342f3 100644 --- a/bootloaders.io/content/bootloaders/6ea89297-74dd-4581-b268-475a282c9592.md +++ b/bootloaders.io/content/bootloaders/6ea89297-74dd-4581-b268-475a282c9592.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/6ea89297-74dd-4581-b268-475a282c9592.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/6ea89297-74dd-4581-b268-475a282c9592.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/6f2d1488-6c25-477a-97ad-e0a570723b20.md b/bootloaders.io/content/bootloaders/6f2d1488-6c25-477a-97ad-e0a570723b20.md index c03ca93..65a9a43 100644 --- a/bootloaders.io/content/bootloaders/6f2d1488-6c25-477a-97ad-e0a570723b20.md +++ b/bootloaders.io/content/bootloaders/6f2d1488-6c25-477a-97ad-e0a570723b20.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/6f2d1488-6c25-477a-97ad-e0a570723b20.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/6f2d1488-6c25-477a-97ad-e0a570723b20.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/70316201-97eb-4739-a72b-abdcd208e20b.md b/bootloaders.io/content/bootloaders/70316201-97eb-4739-a72b-abdcd208e20b.md index cf5f5c8..4a504ac 100644 --- a/bootloaders.io/content/bootloaders/70316201-97eb-4739-a72b-abdcd208e20b.md +++ b/bootloaders.io/content/bootloaders/70316201-97eb-4739-a72b-abdcd208e20b.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/70316201-97eb-4739-a72b-abdcd208e20b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/70316201-97eb-4739-a72b-abdcd208e20b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/7191ca91-6b37-4c4f-821c-a2df6c16e91c.md b/bootloaders.io/content/bootloaders/7191ca91-6b37-4c4f-821c-a2df6c16e91c.md index cc4af30..a002e7a 100644 --- a/bootloaders.io/content/bootloaders/7191ca91-6b37-4c4f-821c-a2df6c16e91c.md +++ b/bootloaders.io/content/bootloaders/7191ca91-6b37-4c4f-821c-a2df6c16e91c.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/7191ca91-6b37-4c4f-821c-a2df6c16e91c.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7191ca91-6b37-4c4f-821c-a2df6c16e91c.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/71999c6f-6195-4944-ad16-105579c98549.md b/bootloaders.io/content/bootloaders/71999c6f-6195-4944-ad16-105579c98549.md index 02f2555..e529b32 100644 --- a/bootloaders.io/content/bootloaders/71999c6f-6195-4944-ad16-105579c98549.md +++ b/bootloaders.io/content/bootloaders/71999c6f-6195-4944-ad16-105579c98549.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/71999c6f-6195-4944-ad16-105579c98549.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/71999c6f-6195-4944-ad16-105579c98549.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/72b28839-6c76-40b4-b8ec-6582be7d81eb.md b/bootloaders.io/content/bootloaders/72b28839-6c76-40b4-b8ec-6582be7d81eb.md index f55a134..8859ffb 100644 --- a/bootloaders.io/content/bootloaders/72b28839-6c76-40b4-b8ec-6582be7d81eb.md +++ b/bootloaders.io/content/bootloaders/72b28839-6c76-40b4-b8ec-6582be7d81eb.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/72b28839-6c76-40b4-b8ec-6582be7d81eb.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/72b28839-6c76-40b4-b8ec-6582be7d81eb.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/73af3c3c-dce6-48b2-bebf-ea167cbaef2a.md b/bootloaders.io/content/bootloaders/73af3c3c-dce6-48b2-bebf-ea167cbaef2a.md index 159f9f0..623983d 100644 --- a/bootloaders.io/content/bootloaders/73af3c3c-dce6-48b2-bebf-ea167cbaef2a.md +++ b/bootloaders.io/content/bootloaders/73af3c3c-dce6-48b2-bebf-ea167cbaef2a.md 
@@ -22,7 +22,7 @@ This was provided by HP and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/73af3c3c-dce6-48b2-bebf-ea167cbaef2a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/73af3c3c-dce6-48b2-bebf-ea167cbaef2a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/73fc4a00-2d2f-46c4-a597-bd0cc015dfdc.md b/bootloaders.io/content/bootloaders/73fc4a00-2d2f-46c4-a597-bd0cc015dfdc.md index 1cbc985..3fc7f18 100644 --- a/bootloaders.io/content/bootloaders/73fc4a00-2d2f-46c4-a597-bd0cc015dfdc.md +++ b/bootloaders.io/content/bootloaders/73fc4a00-2d2f-46c4-a597-bd0cc015dfdc.md 
@@ -22,7 +22,7 @@ This was provided by Intel Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/73fc4a00-2d2f-46c4-a597-bd0cc015dfdc.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/73fc4a00-2d2f-46c4-a597-bd0cc015dfdc.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/73fcc470-7c81-4385-8c78-933467e404cf.md b/bootloaders.io/content/bootloaders/73fcc470-7c81-4385-8c78-933467e404cf.md index a73f156..06bd951 100644 --- a/bootloaders.io/content/bootloaders/73fcc470-7c81-4385-8c78-933467e404cf.md +++ b/bootloaders.io/content/bootloaders/73fcc470-7c81-4385-8c78-933467e404cf.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/73fcc470-7c81-4385-8c78-933467e404cf.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/73fcc470-7c81-4385-8c78-933467e404cf.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/7480e25e-d4dd-4e39-b652-33861111c011.md b/bootloaders.io/content/bootloaders/7480e25e-d4dd-4e39-b652-33861111c011.md index 1f443ab..640d047 100644 --- a/bootloaders.io/content/bootloaders/7480e25e-d4dd-4e39-b652-33861111c011.md +++ b/bootloaders.io/content/bootloaders/7480e25e-d4dd-4e39-b652-33861111c011.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/7480e25e-d4dd-4e39-b652-33861111c011.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7480e25e-d4dd-4e39-b652-33861111c011.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/7489f724-a3b3-435d-b34e-9ca0a94c6ceb.md b/bootloaders.io/content/bootloaders/7489f724-a3b3-435d-b34e-9ca0a94c6ceb.md index d2dc269..0e62859 100644 --- a/bootloaders.io/content/bootloaders/7489f724-a3b3-435d-b34e-9ca0a94c6ceb.md +++ b/bootloaders.io/content/bootloaders/7489f724-a3b3-435d-b34e-9ca0a94c6ceb.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/7489f724-a3b3-435d-b34e-9ca0a94c6ceb.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7489f724-a3b3-435d-b34e-9ca0a94c6ceb.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/7520fd68-dbc4-4182-ab8e-2cc005024183.md b/bootloaders.io/content/bootloaders/7520fd68-dbc4-4182-ab8e-2cc005024183.md index e409e17..90365c7 100644 --- a/bootloaders.io/content/bootloaders/7520fd68-dbc4-4182-ab8e-2cc005024183.md +++ b/bootloaders.io/content/bootloaders/7520fd68-dbc4-4182-ab8e-2cc005024183.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/7520fd68-dbc4-4182-ab8e-2cc005024183.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7520fd68-dbc4-4182-ab8e-2cc005024183.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/7550a473-863a-43f8-aad7-fff5be3977f0.md b/bootloaders.io/content/bootloaders/7550a473-863a-43f8-aad7-fff5be3977f0.md index c8856d0..411a65c 100644 --- a/bootloaders.io/content/bootloaders/7550a473-863a-43f8-aad7-fff5be3977f0.md +++ b/bootloaders.io/content/bootloaders/7550a473-863a-43f8-aad7-fff5be3977f0.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/7550a473-863a-43f8-aad7-fff5be3977f0.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7550a473-863a-43f8-aad7-fff5be3977f0.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/7662d98a-0476-48dd-b532-8e6142d251ec.md b/bootloaders.io/content/bootloaders/7662d98a-0476-48dd-b532-8e6142d251ec.md index e12c53c..b413b65 100644 --- a/bootloaders.io/content/bootloaders/7662d98a-0476-48dd-b532-8e6142d251ec.md +++ b/bootloaders.io/content/bootloaders/7662d98a-0476-48dd-b532-8e6142d251ec.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/a168299b9ced4e289f438408b6a047b6.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/a168299b9ced4e289f438408b6a047b6.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/7662d98a-0476-48dd-b532-8e6142d251ec.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7662d98a-0476-48dd-b532-8e6142d251ec.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/76724735-ec57-4c1a-8712-f0267d21f0c4.md b/bootloaders.io/content/bootloaders/76724735-ec57-4c1a-8712-f0267d21f0c4.md index 5b8724e..3957425 100644 --- a/bootloaders.io/content/bootloaders/76724735-ec57-4c1a-8712-f0267d21f0c4.md +++ b/bootloaders.io/content/bootloaders/76724735-ec57-4c1a-8712-f0267d21f0c4.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/5cdb3b41abea2f625c0a632f4ad2cddb.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/5cdb3b41abea2f625c0a632f4ad2cddb.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/76724735-ec57-4c1a-8712-f0267d21f0c4.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/76724735-ec57-4c1a-8712-f0267d21f0c4.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/76afa72a-2b55-4649-9fc2-3dbdc27456e6.md b/bootloaders.io/content/bootloaders/76afa72a-2b55-4649-9fc2-3dbdc27456e6.md index 100afbc..5c90f22 100644 --- a/bootloaders.io/content/bootloaders/76afa72a-2b55-4649-9fc2-3dbdc27456e6.md +++ b/bootloaders.io/content/bootloaders/76afa72a-2b55-4649-9fc2-3dbdc27456e6.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/76afa72a-2b55-4649-9fc2-3dbdc27456e6.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/76afa72a-2b55-4649-9fc2-3dbdc27456e6.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/77a4c1f2-a194-4778-8074-4ba1d052129f.md b/bootloaders.io/content/bootloaders/77a4c1f2-a194-4778-8074-4ba1d052129f.md index 18f1b93..bf418f9 100644 --- a/bootloaders.io/content/bootloaders/77a4c1f2-a194-4778-8074-4ba1d052129f.md +++ b/bootloaders.io/content/bootloaders/77a4c1f2-a194-4778-8074-4ba1d052129f.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/b93d4a486013424efe0fb34668b50b85.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/b93d4a486013424efe0fb34668b50b85.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/77a4c1f2-a194-4778-8074-4ba1d052129f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/77a4c1f2-a194-4778-8074-4ba1d052129f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/78f886c7-28cd-4686-ac8f-ee82f3e0fbcb.md b/bootloaders.io/content/bootloaders/78f886c7-28cd-4686-ac8f-ee82f3e0fbcb.md index 193b412..9416007 100644 --- a/bootloaders.io/content/bootloaders/78f886c7-28cd-4686-ac8f-ee82f3e0fbcb.md +++ b/bootloaders.io/content/bootloaders/78f886c7-28cd-4686-ac8f-ee82f3e0fbcb.md 
@@ -22,7 +22,7 @@ This was provided by BITDEFENDER and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/78f886c7-28cd-4686-ac8f-ee82f3e0fbcb.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/78f886c7-28cd-4686-ac8f-ee82f3e0fbcb.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/795fbec7-a5f6-4e5d-b2c3-c968bf758e26.md b/bootloaders.io/content/bootloaders/795fbec7-a5f6-4e5d-b2c3-c968bf758e26.md index 3a96624..96674db 100644 --- a/bootloaders.io/content/bootloaders/795fbec7-a5f6-4e5d-b2c3-c968bf758e26.md +++ b/bootloaders.io/content/bootloaders/795fbec7-a5f6-4e5d-b2c3-c968bf758e26.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux Products GmbH and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/795fbec7-a5f6-4e5d-b2c3-c968bf758e26.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/795fbec7-a5f6-4e5d-b2c3-c968bf758e26.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/79c58c75-492b-46fc-9788-59514261788a.md b/bootloaders.io/content/bootloaders/79c58c75-492b-46fc-9788-59514261788a.md index 2b7b44e..d62dafe 100644 --- a/bootloaders.io/content/bootloaders/79c58c75-492b-46fc-9788-59514261788a.md +++ b/bootloaders.io/content/bootloaders/79c58c75-492b-46fc-9788-59514261788a.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/79c58c75-492b-46fc-9788-59514261788a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/79c58c75-492b-46fc-9788-59514261788a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/7a216607-3204-4536-9507-a3beccc529a8.md b/bootloaders.io/content/bootloaders/7a216607-3204-4536-9507-a3beccc529a8.md index 2bf25b3..24c74eb 100644 --- a/bootloaders.io/content/bootloaders/7a216607-3204-4536-9507-a3beccc529a8.md +++ b/bootloaders.io/content/bootloaders/7a216607-3204-4536-9507-a3beccc529a8.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/87b6d22295a16073d8d456fc574441a8.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/87b6d22295a16073d8d456fc574441a8.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/7a216607-3204-4536-9507-a3beccc529a8.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7a216607-3204-4536-9507-a3beccc529a8.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/7ad06c0c-5595-41e6-8049-b051fa3e931b.md b/bootloaders.io/content/bootloaders/7ad06c0c-5595-41e6-8049-b051fa3e931b.md index 8695712..c90401f 100644 --- a/bootloaders.io/content/bootloaders/7ad06c0c-5595-41e6-8049-b051fa3e931b.md +++ b/bootloaders.io/content/bootloaders/7ad06c0c-5595-41e6-8049-b051fa3e931b.md 
@@ -22,7 +22,7 @@ This was provided by Oracle America, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/7ad06c0c-5595-41e6-8049-b051fa3e931b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7ad06c0c-5595-41e6-8049-b051fa3e931b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/7b45ea3e-38d4-4bac-aac7-54806c6ffb28.md b/bootloaders.io/content/bootloaders/7b45ea3e-38d4-4bac-aac7-54806c6ffb28.md index e7ac5e9..1c2b248 100644 --- a/bootloaders.io/content/bootloaders/7b45ea3e-38d4-4bac-aac7-54806c6ffb28.md +++ b/bootloaders.io/content/bootloaders/7b45ea3e-38d4-4bac-aac7-54806c6ffb28.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/7b45ea3e-38d4-4bac-aac7-54806c6ffb28.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7b45ea3e-38d4-4bac-aac7-54806c6ffb28.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/7c5fa8fd-40fd-437f-a2cd-e21aaa43336f.md b/bootloaders.io/content/bootloaders/7c5fa8fd-40fd-437f-a2cd-e21aaa43336f.md index 34239fb..479ecb5 100644 --- a/bootloaders.io/content/bootloaders/7c5fa8fd-40fd-437f-a2cd-e21aaa43336f.md +++ b/bootloaders.io/content/bootloaders/7c5fa8fd-40fd-437f-a2cd-e21aaa43336f.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/7c5fa8fd-40fd-437f-a2cd-e21aaa43336f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7c5fa8fd-40fd-437f-a2cd-e21aaa43336f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/7c6d9a9a-0ec1-43b7-8e1f-053fb98e9fbf.md b/bootloaders.io/content/bootloaders/7c6d9a9a-0ec1-43b7-8e1f-053fb98e9fbf.md index 6f29962..d31f3a6 100644 --- a/bootloaders.io/content/bootloaders/7c6d9a9a-0ec1-43b7-8e1f-053fb98e9fbf.md +++ b/bootloaders.io/content/bootloaders/7c6d9a9a-0ec1-43b7-8e1f-053fb98e9fbf.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/a442859fd33fbf61ed0ea28bbf33bdbb.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/a442859fd33fbf61ed0ea28bbf33bdbb.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/7c6d9a9a-0ec1-43b7-8e1f-053fb98e9fbf.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7c6d9a9a-0ec1-43b7-8e1f-053fb98e9fbf.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/7ca92d66-191e-469f-8320-a1f67a1eaa64.md b/bootloaders.io/content/bootloaders/7ca92d66-191e-469f-8320-a1f67a1eaa64.md index 74b6450..b3b91f5 100644 --- a/bootloaders.io/content/bootloaders/7ca92d66-191e-469f-8320-a1f67a1eaa64.md +++ b/bootloaders.io/content/bootloaders/7ca92d66-191e-469f-8320-a1f67a1eaa64.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/7ca92d66-191e-469f-8320-a1f67a1eaa64.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7ca92d66-191e-469f-8320-a1f67a1eaa64.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/7cb68e8b-c07d-4b76-9af0-0936553f516c.md b/bootloaders.io/content/bootloaders/7cb68e8b-c07d-4b76-9af0-0936553f516c.md index a99ee59..4f33010 100644 --- a/bootloaders.io/content/bootloaders/7cb68e8b-c07d-4b76-9af0-0936553f516c.md +++ b/bootloaders.io/content/bootloaders/7cb68e8b-c07d-4b76-9af0-0936553f516c.md 
@@ -22,7 +22,7 @@ This was provided by Oracle Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/92f1d7fd78d0353c62e5dc8e81f558e2.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/92f1d7fd78d0353c62e5dc8e81f558e2.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/7cb68e8b-c07d-4b76-9af0-0936553f516c.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7cb68e8b-c07d-4b76-9af0-0936553f516c.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/7cd28475-a974-4b4b-becd-b57b605d2b9e.md b/bootloaders.io/content/bootloaders/7cd28475-a974-4b4b-becd-b57b605d2b9e.md index b5f83f0..ccc0b32 100644 --- a/bootloaders.io/content/bootloaders/7cd28475-a974-4b4b-becd-b57b605d2b9e.md +++ b/bootloaders.io/content/bootloaders/7cd28475-a974-4b4b-becd-b57b605d2b9e.md 
@@ -22,7 +22,7 @@ This was provided by Fedora Project and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/aa8eae148f6ac90c370eb50c88b974e1.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/aa8eae148f6ac90c370eb50c88b974e1.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/7cd28475-a974-4b4b-becd-b57b605d2b9e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7cd28475-a974-4b4b-becd-b57b605d2b9e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/7cefffba-3701-43ff-96a7-7a66f008805e.md b/bootloaders.io/content/bootloaders/7cefffba-3701-43ff-96a7-7a66f008805e.md index 2ccde01..a710f11 100644 --- a/bootloaders.io/content/bootloaders/7cefffba-3701-43ff-96a7-7a66f008805e.md +++ b/bootloaders.io/content/bootloaders/7cefffba-3701-43ff-96a7-7a66f008805e.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/7cefffba-3701-43ff-96a7-7a66f008805e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7cefffba-3701-43ff-96a7-7a66f008805e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085.md b/bootloaders.io/content/bootloaders/7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085.md index 4a59880..8ff332b 100644 --- a/bootloaders.io/content/bootloaders/7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085.md +++ b/bootloaders.io/content/bootloaders/7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/7e81b1d7-7526-4958-98cf-688b36cf8ea0.md b/bootloaders.io/content/bootloaders/7e81b1d7-7526-4958-98cf-688b36cf8ea0.md index bf6b167..deefa77 100644 --- a/bootloaders.io/content/bootloaders/7e81b1d7-7526-4958-98cf-688b36cf8ea0.md +++ b/bootloaders.io/content/bootloaders/7e81b1d7-7526-4958-98cf-688b36cf8ea0.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/7e81b1d7-7526-4958-98cf-688b36cf8ea0.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7e81b1d7-7526-4958-98cf-688b36cf8ea0.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/8041563b-fe86-4183-9409-a479ef4f9b46.md b/bootloaders.io/content/bootloaders/8041563b-fe86-4183-9409-a479ef4f9b46.md index 8d1635e..c973643 100644 --- a/bootloaders.io/content/bootloaders/8041563b-fe86-4183-9409-a479ef4f9b46.md +++ b/bootloaders.io/content/bootloaders/8041563b-fe86-4183-9409-a479ef4f9b46.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/8041563b-fe86-4183-9409-a479ef4f9b46.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8041563b-fe86-4183-9409-a479ef4f9b46.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/81ea3a10-a003-4839-ae9f-52cb700d38d4.md b/bootloaders.io/content/bootloaders/81ea3a10-a003-4839-ae9f-52cb700d38d4.md index 98d7393..213cefb 100644 --- a/bootloaders.io/content/bootloaders/81ea3a10-a003-4839-ae9f-52cb700d38d4.md +++ b/bootloaders.io/content/bootloaders/81ea3a10-a003-4839-ae9f-52cb700d38d4.md 
@@ -22,7 +22,7 @@ This was provided by Canonical Ltd and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/81ea3a10-a003-4839-ae9f-52cb700d38d4.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/81ea3a10-a003-4839-ae9f-52cb700d38d4.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/81f3828a-1a59-4fc2-a34e-d1f297f0f719.md b/bootloaders.io/content/bootloaders/81f3828a-1a59-4fc2-a34e-d1f297f0f719.md index 470fe8d..d47b964 100644 --- a/bootloaders.io/content/bootloaders/81f3828a-1a59-4fc2-a34e-d1f297f0f719.md +++ b/bootloaders.io/content/bootloaders/81f3828a-1a59-4fc2-a34e-d1f297f0f719.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/81f3828a-1a59-4fc2-a34e-d1f297f0f719.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/81f3828a-1a59-4fc2-a34e-d1f297f0f719.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/82bfbd61-4cd5-490f-853a-3486090e0d3e.md b/bootloaders.io/content/bootloaders/82bfbd61-4cd5-490f-853a-3486090e0d3e.md index 7b56902..272e8c3 100644 --- a/bootloaders.io/content/bootloaders/82bfbd61-4cd5-490f-853a-3486090e0d3e.md +++ b/bootloaders.io/content/bootloaders/82bfbd61-4cd5-490f-853a-3486090e0d3e.md 
@@ -22,7 +22,7 @@ This was provided by CPSD and revoked Aug-22 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/82bfbd61-4cd5-490f-853a-3486090e0d3e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/82bfbd61-4cd5-490f-853a-3486090e0d3e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/837d8bdc-6458-4eba-87cf-c82a32d1eca6.md b/bootloaders.io/content/bootloaders/837d8bdc-6458-4eba-87cf-c82a32d1eca6.md index 3979bc6..baf37bf 100644 --- a/bootloaders.io/content/bootloaders/837d8bdc-6458-4eba-87cf-c82a32d1eca6.md +++ b/bootloaders.io/content/bootloaders/837d8bdc-6458-4eba-87cf-c82a32d1eca6.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/837d8bdc-6458-4eba-87cf-c82a32d1eca6.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/837d8bdc-6458-4eba-87cf-c82a32d1eca6.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/841c43d9-b7a0-40a7-ae7c-fc1affb759af.md b/bootloaders.io/content/bootloaders/841c43d9-b7a0-40a7-ae7c-fc1affb759af.md index 484c777..f41b151 100644 --- a/bootloaders.io/content/bootloaders/841c43d9-b7a0-40a7-ae7c-fc1affb759af.md +++ b/bootloaders.io/content/bootloaders/841c43d9-b7a0-40a7-ae7c-fc1affb759af.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/841c43d9-b7a0-40a7-ae7c-fc1affb759af.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/841c43d9-b7a0-40a7-ae7c-fc1affb759af.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/84dbe789-ccc2-4988-a6f0-b4c74b74e133.md b/bootloaders.io/content/bootloaders/84dbe789-ccc2-4988-a6f0-b4c74b74e133.md index 596a6b7..8ccfe18 100644 --- a/bootloaders.io/content/bootloaders/84dbe789-ccc2-4988-a6f0-b4c74b74e133.md +++ b/bootloaders.io/content/bootloaders/84dbe789-ccc2-4988-a6f0-b4c74b74e133.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/86f6426a9b47dc73eb8c8bafbb46799f.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/86f6426a9b47dc73eb8c8bafbb46799f.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/84dbe789-ccc2-4988-a6f0-b4c74b74e133.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/84dbe789-ccc2-4988-a6f0-b4c74b74e133.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/84fbccc2-01e7-4a24-adbd-a1d3ca0acc50.md b/bootloaders.io/content/bootloaders/84fbccc2-01e7-4a24-adbd-a1d3ca0acc50.md index cebb037..3014067 100644 --- a/bootloaders.io/content/bootloaders/84fbccc2-01e7-4a24-adbd-a1d3ca0acc50.md +++ b/bootloaders.io/content/bootloaders/84fbccc2-01e7-4a24-adbd-a1d3ca0acc50.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/84fbccc2-01e7-4a24-adbd-a1d3ca0acc50.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/84fbccc2-01e7-4a24-adbd-a1d3ca0acc50.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/854018eb-0eb9-4c45-8c0c-edb859445cb9.md b/bootloaders.io/content/bootloaders/854018eb-0eb9-4c45-8c0c-edb859445cb9.md index 8603af4..67162c8 100644 --- a/bootloaders.io/content/bootloaders/854018eb-0eb9-4c45-8c0c-edb859445cb9.md +++ b/bootloaders.io/content/bootloaders/854018eb-0eb9-4c45-8c0c-edb859445cb9.md 
@@ -22,7 +22,7 @@ This was provided by Fedora Project and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/87e606dee08705c7ac75737a83a6e063.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/87e606dee08705c7ac75737a83a6e063.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/854018eb-0eb9-4c45-8c0c-edb859445cb9.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/854018eb-0eb9-4c45-8c0c-edb859445cb9.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/85443af0-4180-4b3e-978c-e3d8c8d35422.md b/bootloaders.io/content/bootloaders/85443af0-4180-4b3e-978c-e3d8c8d35422.md index e0dbb04..2354808 100644 --- a/bootloaders.io/content/bootloaders/85443af0-4180-4b3e-978c-e3d8c8d35422.md +++ b/bootloaders.io/content/bootloaders/85443af0-4180-4b3e-978c-e3d8c8d35422.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/bf4168403960a0df177f58277f06250c.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/bf4168403960a0df177f58277f06250c.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/85443af0-4180-4b3e-978c-e3d8c8d35422.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/85443af0-4180-4b3e-978c-e3d8c8d35422.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/85ef0c80-cca4-48f1-8ace-0ab2fda03b79.md b/bootloaders.io/content/bootloaders/85ef0c80-cca4-48f1-8ace-0ab2fda03b79.md index 530d1b8..ea7caa0 100644 --- a/bootloaders.io/content/bootloaders/85ef0c80-cca4-48f1-8ace-0ab2fda03b79.md +++ b/bootloaders.io/content/bootloaders/85ef0c80-cca4-48f1-8ace-0ab2fda03b79.md 
@@ -22,7 +22,7 @@ This was provided by New Horizon Datasys Inc and revoked Aug-22 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/1c9670b5add3e4d6aa442a53427f422a.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/1c9670b5add3e4d6aa442a53427f422a.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -141,10 +141,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -209,7 +211,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/85ef0c80-cca4-48f1-8ace-0ab2fda03b79.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/85ef0c80-cca4-48f1-8ace-0ab2fda03b79.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/865cadf5-d63e-438b-a8e9-44591fb69d2a.md b/bootloaders.io/content/bootloaders/865cadf5-d63e-438b-a8e9-44591fb69d2a.md index e38e763..293c92b 100644 --- a/bootloaders.io/content/bootloaders/865cadf5-d63e-438b-a8e9-44591fb69d2a.md +++ b/bootloaders.io/content/bootloaders/865cadf5-d63e-438b-a8e9-44591fb69d2a.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/f512804db694f319cf51306dd2c2c618.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/f512804db694f319cf51306dd2c2c618.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/865cadf5-d63e-438b-a8e9-44591fb69d2a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/865cadf5-d63e-438b-a8e9-44591fb69d2a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/87813fcd-6a01-4452-b54c-0dc24402bbfe.md b/bootloaders.io/content/bootloaders/87813fcd-6a01-4452-b54c-0dc24402bbfe.md index 0032c55..791bba9 100644 --- a/bootloaders.io/content/bootloaders/87813fcd-6a01-4452-b54c-0dc24402bbfe.md +++ b/bootloaders.io/content/bootloaders/87813fcd-6a01-4452-b54c-0dc24402bbfe.md 
@@ -22,7 +22,7 @@ This was provided by EgoSecure and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/87813fcd-6a01-4452-b54c-0dc24402bbfe.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/87813fcd-6a01-4452-b54c-0dc24402bbfe.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/887e3ac7-c597-4327-86cc-29936e2f8cdb.md b/bootloaders.io/content/bootloaders/887e3ac7-c597-4327-86cc-29936e2f8cdb.md index bb563f9..186e1f7 100644 --- a/bootloaders.io/content/bootloaders/887e3ac7-c597-4327-86cc-29936e2f8cdb.md +++ b/bootloaders.io/content/bootloaders/887e3ac7-c597-4327-86cc-29936e2f8cdb.md 
@@ -22,7 +22,7 @@ This was provided by Fedora Project and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/887e3ac7-c597-4327-86cc-29936e2f8cdb.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/887e3ac7-c597-4327-86cc-29936e2f8cdb.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/88e2e7f2-0a89-4a66-9f99-1a73ca3a061c.md b/bootloaders.io/content/bootloaders/88e2e7f2-0a89-4a66-9f99-1a73ca3a061c.md index e7e7ac3..3b09ac0 100644 --- a/bootloaders.io/content/bootloaders/88e2e7f2-0a89-4a66-9f99-1a73ca3a061c.md +++ b/bootloaders.io/content/bootloaders/88e2e7f2-0a89-4a66-9f99-1a73ca3a061c.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/88e2e7f2-0a89-4a66-9f99-1a73ca3a061c.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/88e2e7f2-0a89-4a66-9f99-1a73ca3a061c.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/89393561-f676-4029-a1ca-88a4c4fa03b9.md b/bootloaders.io/content/bootloaders/89393561-f676-4029-a1ca-88a4c4fa03b9.md index 2db0e9a..e39e388 100644 --- a/bootloaders.io/content/bootloaders/89393561-f676-4029-a1ca-88a4c4fa03b9.md +++ b/bootloaders.io/content/bootloaders/89393561-f676-4029-a1ca-88a4c4fa03b9.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/89393561-f676-4029-a1ca-88a4c4fa03b9.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/89393561-f676-4029-a1ca-88a4c4fa03b9.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/897f5834-55db-41fc-a4ca-9d880ca00ec7.md b/bootloaders.io/content/bootloaders/897f5834-55db-41fc-a4ca-9d880ca00ec7.md index 160a412..fdcb069 100644 --- a/bootloaders.io/content/bootloaders/897f5834-55db-41fc-a4ca-9d880ca00ec7.md +++ b/bootloaders.io/content/bootloaders/897f5834-55db-41fc-a4ca-9d880ca00ec7.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/897f5834-55db-41fc-a4ca-9d880ca00ec7.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/897f5834-55db-41fc-a4ca-9d880ca00ec7.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/8a6aa8d7-205b-4747-aa92-8b526be3b7d2.md b/bootloaders.io/content/bootloaders/8a6aa8d7-205b-4747-aa92-8b526be3b7d2.md index 0bd1f75..490eaf3 100644 --- a/bootloaders.io/content/bootloaders/8a6aa8d7-205b-4747-aa92-8b526be3b7d2.md +++ b/bootloaders.io/content/bootloaders/8a6aa8d7-205b-4747-aa92-8b526be3b7d2.md 
@@ -22,7 +22,7 @@ This was provided by Intel Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/8a6aa8d7-205b-4747-aa92-8b526be3b7d2.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8a6aa8d7-205b-4747-aa92-8b526be3b7d2.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/8afa8fb8-bd3a-4033-9f71-3d1e574708ce.md b/bootloaders.io/content/bootloaders/8afa8fb8-bd3a-4033-9f71-3d1e574708ce.md index 9b247e4..5ea3e02 100644 --- a/bootloaders.io/content/bootloaders/8afa8fb8-bd3a-4033-9f71-3d1e574708ce.md +++ b/bootloaders.io/content/bootloaders/8afa8fb8-bd3a-4033-9f71-3d1e574708ce.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/e297beb49756fef9d2bcad4b860426b3.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/e297beb49756fef9d2bcad4b860426b3.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/8afa8fb8-bd3a-4033-9f71-3d1e574708ce.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8afa8fb8-bd3a-4033-9f71-3d1e574708ce.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/8b88b928-4717-4a30-832e-dcb3bb15b7a3.md b/bootloaders.io/content/bootloaders/8b88b928-4717-4a30-832e-dcb3bb15b7a3.md index acf365a..00eee62 100644 --- a/bootloaders.io/content/bootloaders/8b88b928-4717-4a30-832e-dcb3bb15b7a3.md +++ b/bootloaders.io/content/bootloaders/8b88b928-4717-4a30-832e-dcb3bb15b7a3.md 
@@ -22,7 +22,7 @@ This was provided by Isoo Software Dev Co Ltd and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/b1aea18419d0643fb2e4d8f6da2ae461.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/b1aea18419d0643fb2e4d8f6da2ae461.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/8b88b928-4717-4a30-832e-dcb3bb15b7a3.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8b88b928-4717-4a30-832e-dcb3bb15b7a3.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/8c855009-8e77-4446-acf1-17ce8b445b01.md b/bootloaders.io/content/bootloaders/8c855009-8e77-4446-acf1-17ce8b445b01.md index bdc709f..1fa035a 100644 --- a/bootloaders.io/content/bootloaders/8c855009-8e77-4446-acf1-17ce8b445b01.md +++ b/bootloaders.io/content/bootloaders/8c855009-8e77-4446-acf1-17ce8b445b01.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/37d03ef09bf90e11e07eed536a7fed7e.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/37d03ef09bf90e11e07eed536a7fed7e.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/8c855009-8e77-4446-acf1-17ce8b445b01.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8c855009-8e77-4446-acf1-17ce8b445b01.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/8cb4f77a-a709-4aa9-9563-a21d26fc900f.md b/bootloaders.io/content/bootloaders/8cb4f77a-a709-4aa9-9563-a21d26fc900f.md index 80dea16..4183583 100644 --- a/bootloaders.io/content/bootloaders/8cb4f77a-a709-4aa9-9563-a21d26fc900f.md +++ b/bootloaders.io/content/bootloaders/8cb4f77a-a709-4aa9-9563-a21d26fc900f.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/ee4b2aa959df5211204c6165df138ecd.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/ee4b2aa959df5211204c6165df138ecd.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/8cb4f77a-a709-4aa9-9563-a21d26fc900f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8cb4f77a-a709-4aa9-9563-a21d26fc900f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/8ceef305-f81d-4d24-bb34-2adf41c5b779.md b/bootloaders.io/content/bootloaders/8ceef305-f81d-4d24-bb34-2adf41c5b779.md index 5037f00..49f1667 100644 --- a/bootloaders.io/content/bootloaders/8ceef305-f81d-4d24-bb34-2adf41c5b779.md +++ b/bootloaders.io/content/bootloaders/8ceef305-f81d-4d24-bb34-2adf41c5b779.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/8ceef305-f81d-4d24-bb34-2adf41c5b779.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8ceef305-f81d-4d24-bb34-2adf41c5b779.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/8d43face-8444-4bf2-ac71-c0213d06ef91.md b/bootloaders.io/content/bootloaders/8d43face-8444-4bf2-ac71-c0213d06ef91.md index 45dd233..4c66922 100644 --- a/bootloaders.io/content/bootloaders/8d43face-8444-4bf2-ac71-c0213d06ef91.md +++ b/bootloaders.io/content/bootloaders/8d43face-8444-4bf2-ac71-c0213d06ef91.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/8d43face-8444-4bf2-ac71-c0213d06ef91.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8d43face-8444-4bf2-ac71-c0213d06ef91.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/8e051211-3998-46bf-abf0-cfba6699c4f1.md b/bootloaders.io/content/bootloaders/8e051211-3998-46bf-abf0-cfba6699c4f1.md index de2b641..e8352e1 100644 --- a/bootloaders.io/content/bootloaders/8e051211-3998-46bf-abf0-cfba6699c4f1.md +++ b/bootloaders.io/content/bootloaders/8e051211-3998-46bf-abf0-cfba6699c4f1.md 
@@ -22,7 +22,7 @@ This was provided by Intel Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/8e051211-3998-46bf-abf0-cfba6699c4f1.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8e051211-3998-46bf-abf0-cfba6699c4f1.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/8e87c22a-ea23-4f89-bee2-c301e31b4045.md b/bootloaders.io/content/bootloaders/8e87c22a-ea23-4f89-bee2-c301e31b4045.md index d60d66f..1973f4e 100644 --- a/bootloaders.io/content/bootloaders/8e87c22a-ea23-4f89-bee2-c301e31b4045.md +++ b/bootloaders.io/content/bootloaders/8e87c22a-ea23-4f89-bee2-c301e31b4045.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/8e87c22a-ea23-4f89-bee2-c301e31b4045.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8e87c22a-ea23-4f89-bee2-c301e31b4045.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/8e8db009-ddf8-4196-ac2a-99c9a0e6d9fb.md b/bootloaders.io/content/bootloaders/8e8db009-ddf8-4196-ac2a-99c9a0e6d9fb.md index c7dc1ca..4b8caba 100644 --- a/bootloaders.io/content/bootloaders/8e8db009-ddf8-4196-ac2a-99c9a0e6d9fb.md +++ b/bootloaders.io/content/bootloaders/8e8db009-ddf8-4196-ac2a-99c9a0e6d9fb.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/9ea079774ed23df340ecc523ddf68045.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/9ea079774ed23df340ecc523ddf68045.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/8e8db009-ddf8-4196-ac2a-99c9a0e6d9fb.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8e8db009-ddf8-4196-ac2a-99c9a0e6d9fb.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/9091dbdc-0263-43e1-a886-3c18c6532dd3.md b/bootloaders.io/content/bootloaders/9091dbdc-0263-43e1-a886-3c18c6532dd3.md index 4e100ef..f3db588 100644 --- a/bootloaders.io/content/bootloaders/9091dbdc-0263-43e1-a886-3c18c6532dd3.md +++ b/bootloaders.io/content/bootloaders/9091dbdc-0263-43e1-a886-3c18c6532dd3.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/9091dbdc-0263-43e1-a886-3c18c6532dd3.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9091dbdc-0263-43e1-a886-3c18c6532dd3.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/90d2feb1-4600-4854-9a4e-fbf54b14c72a.md b/bootloaders.io/content/bootloaders/90d2feb1-4600-4854-9a4e-fbf54b14c72a.md index 4868407..4da644c 100644 --- a/bootloaders.io/content/bootloaders/90d2feb1-4600-4854-9a4e-fbf54b14c72a.md +++ b/bootloaders.io/content/bootloaders/90d2feb1-4600-4854-9a4e-fbf54b14c72a.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/90d2feb1-4600-4854-9a4e-fbf54b14c72a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/90d2feb1-4600-4854-9a4e-fbf54b14c72a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/90e05866-5975-498c-bab9-1a71dd286011.md b/bootloaders.io/content/bootloaders/90e05866-5975-498c-bab9-1a71dd286011.md index e3549cf..2ada26a 100644 --- a/bootloaders.io/content/bootloaders/90e05866-5975-498c-bab9-1a71dd286011.md +++ b/bootloaders.io/content/bootloaders/90e05866-5975-498c-bab9-1a71dd286011.md 
@@ -22,7 +22,7 @@ This was provided by Intel Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/90e05866-5975-498c-bab9-1a71dd286011.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/90e05866-5975-498c-bab9-1a71dd286011.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/9164d869-3953-40eb-91e4-26a837e3aacc.md b/bootloaders.io/content/bootloaders/9164d869-3953-40eb-91e4-26a837e3aacc.md index 0af40b5..6bb1181 100644 --- a/bootloaders.io/content/bootloaders/9164d869-3953-40eb-91e4-26a837e3aacc.md +++ b/bootloaders.io/content/bootloaders/9164d869-3953-40eb-91e4-26a837e3aacc.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/c6697cdbcf51cc54053438e644243327.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c6697cdbcf51cc54053438e644243327.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/9164d869-3953-40eb-91e4-26a837e3aacc.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9164d869-3953-40eb-91e4-26a837e3aacc.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/9308b260-6695-43ee-bddb-a90f20e035f1.md b/bootloaders.io/content/bootloaders/9308b260-6695-43ee-bddb-a90f20e035f1.md index 58d07ff..f9a97c2 100644 --- a/bootloaders.io/content/bootloaders/9308b260-6695-43ee-bddb-a90f20e035f1.md +++ b/bootloaders.io/content/bootloaders/9308b260-6695-43ee-bddb-a90f20e035f1.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/77fefa9f6ac9273ee5edb4d19e87d348.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/77fefa9f6ac9273ee5edb4d19e87d348.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/9308b260-6695-43ee-bddb-a90f20e035f1.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9308b260-6695-43ee-bddb-a90f20e035f1.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/934f9364-3471-415f-a502-036969a78958.md b/bootloaders.io/content/bootloaders/934f9364-3471-415f-a502-036969a78958.md index ce44417..a6303ab 100644 --- a/bootloaders.io/content/bootloaders/934f9364-3471-415f-a502-036969a78958.md +++ b/bootloaders.io/content/bootloaders/934f9364-3471-415f-a502-036969a78958.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/934f9364-3471-415f-a502-036969a78958.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/934f9364-3471-415f-a502-036969a78958.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04.md b/bootloaders.io/content/bootloaders/9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04.md index 82c9ade..9eec6ad 100644 --- a/bootloaders.io/content/bootloaders/9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04.md +++ b/bootloaders.io/content/bootloaders/9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04.md 
@@ -22,7 +22,7 @@ This was provided by Oracle Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/bc5372019b75e9e8257a83a86bd0b33d.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/bc5372019b75e9e8257a83a86bd0b33d.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/94ba0558-c5b6-4f9f-b1fc-598e7448bf13.md b/bootloaders.io/content/bootloaders/94ba0558-c5b6-4f9f-b1fc-598e7448bf13.md index 9865e59..4aa2763 100644 --- a/bootloaders.io/content/bootloaders/94ba0558-c5b6-4f9f-b1fc-598e7448bf13.md +++ b/bootloaders.io/content/bootloaders/94ba0558-c5b6-4f9f-b1fc-598e7448bf13.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/94ba0558-c5b6-4f9f-b1fc-598e7448bf13.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/94ba0558-c5b6-4f9f-b1fc-598e7448bf13.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/94c6901b-e217-41cf-a4c7-b62763759d3e.md b/bootloaders.io/content/bootloaders/94c6901b-e217-41cf-a4c7-b62763759d3e.md index 376694c..9184fe5 100644 --- a/bootloaders.io/content/bootloaders/94c6901b-e217-41cf-a4c7-b62763759d3e.md +++ b/bootloaders.io/content/bootloaders/94c6901b-e217-41cf-a4c7-b62763759d3e.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/94c6901b-e217-41cf-a4c7-b62763759d3e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/94c6901b-e217-41cf-a4c7-b62763759d3e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/94e35789-58de-436e-b04a-8a7b7ded8347.md b/bootloaders.io/content/bootloaders/94e35789-58de-436e-b04a-8a7b7ded8347.md index cd22bf1..234168f 100644 --- a/bootloaders.io/content/bootloaders/94e35789-58de-436e-b04a-8a7b7ded8347.md +++ b/bootloaders.io/content/bootloaders/94e35789-58de-436e-b04a-8a7b7ded8347.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/94e35789-58de-436e-b04a-8a7b7ded8347.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/94e35789-58de-436e-b04a-8a7b7ded8347.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/9517d1f7-d485-4c7e-95b9-bdf297b342e1.md b/bootloaders.io/content/bootloaders/9517d1f7-d485-4c7e-95b9-bdf297b342e1.md index d0dc62b..67b7cd4 100644 --- a/bootloaders.io/content/bootloaders/9517d1f7-d485-4c7e-95b9-bdf297b342e1.md +++ b/bootloaders.io/content/bootloaders/9517d1f7-d485-4c7e-95b9-bdf297b342e1.md 
@@ -22,7 +22,7 @@ This was provided by Oracle Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/9517d1f7-d485-4c7e-95b9-bdf297b342e1.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9517d1f7-d485-4c7e-95b9-bdf297b342e1.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/96d26340-d5ec-43a8-b1e7-068f46a2aeaa.md b/bootloaders.io/content/bootloaders/96d26340-d5ec-43a8-b1e7-068f46a2aeaa.md index 15862cd..99b9514 100644 --- a/bootloaders.io/content/bootloaders/96d26340-d5ec-43a8-b1e7-068f46a2aeaa.md +++ b/bootloaders.io/content/bootloaders/96d26340-d5ec-43a8-b1e7-068f46a2aeaa.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/96d26340-d5ec-43a8-b1e7-068f46a2aeaa.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/96d26340-d5ec-43a8-b1e7-068f46a2aeaa.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/97efcb29-1524-4142-923b-4395a39fe3ee.md b/bootloaders.io/content/bootloaders/97efcb29-1524-4142-923b-4395a39fe3ee.md index c0cac94..0066f7b 100644 --- a/bootloaders.io/content/bootloaders/97efcb29-1524-4142-923b-4395a39fe3ee.md +++ b/bootloaders.io/content/bootloaders/97efcb29-1524-4142-923b-4395a39fe3ee.md 
@@ -22,7 +22,7 @@ This was provided by Intel Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/97efcb29-1524-4142-923b-4395a39fe3ee.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/97efcb29-1524-4142-923b-4395a39fe3ee.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/989b4dda-91c9-4903-9027-6ff3e74738b2.md b/bootloaders.io/content/bootloaders/989b4dda-91c9-4903-9027-6ff3e74738b2.md index f6bc2bc..c6fb309 100644 --- a/bootloaders.io/content/bootloaders/989b4dda-91c9-4903-9027-6ff3e74738b2.md +++ b/bootloaders.io/content/bootloaders/989b4dda-91c9-4903-9027-6ff3e74738b2.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/989b4dda-91c9-4903-9027-6ff3e74738b2.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/989b4dda-91c9-4903-9027-6ff3e74738b2.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/98b2c48c-eaa0-48d4-bcbd-4090cffd2fed.md b/bootloaders.io/content/bootloaders/98b2c48c-eaa0-48d4-bcbd-4090cffd2fed.md index a674d3d..0417daf 100644 --- a/bootloaders.io/content/bootloaders/98b2c48c-eaa0-48d4-bcbd-4090cffd2fed.md +++ b/bootloaders.io/content/bootloaders/98b2c48c-eaa0-48d4-bcbd-4090cffd2fed.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/98b2c48c-eaa0-48d4-bcbd-4090cffd2fed.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/98b2c48c-eaa0-48d4-bcbd-4090cffd2fed.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/990b3c53-97bc-4fd8-a212-e60c6fda898c.md b/bootloaders.io/content/bootloaders/990b3c53-97bc-4fd8-a212-e60c6fda898c.md index 0718683..f0f5bc2 100644 --- a/bootloaders.io/content/bootloaders/990b3c53-97bc-4fd8-a212-e60c6fda898c.md +++ b/bootloaders.io/content/bootloaders/990b3c53-97bc-4fd8-a212-e60c6fda898c.md 
@@ -22,7 +22,7 @@ This was provided by Trend Micro and revoked Mar-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/990b3c53-97bc-4fd8-a212-e60c6fda898c.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/990b3c53-97bc-4fd8-a212-e60c6fda898c.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/997fb55c-0910-48f0-adf7-33f2e50473c6.md b/bootloaders.io/content/bootloaders/997fb55c-0910-48f0-adf7-33f2e50473c6.md index 8c703f2..0b6209e 100644 --- a/bootloaders.io/content/bootloaders/997fb55c-0910-48f0-adf7-33f2e50473c6.md +++ b/bootloaders.io/content/bootloaders/997fb55c-0910-48f0-adf7-33f2e50473c6.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/997fb55c-0910-48f0-adf7-33f2e50473c6.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/997fb55c-0910-48f0-adf7-33f2e50473c6.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/99b952f7-5438-417b-9dab-c318bdcd75e6.md b/bootloaders.io/content/bootloaders/99b952f7-5438-417b-9dab-c318bdcd75e6.md index f3599ed..b6da553 100644 --- a/bootloaders.io/content/bootloaders/99b952f7-5438-417b-9dab-c318bdcd75e6.md +++ b/bootloaders.io/content/bootloaders/99b952f7-5438-417b-9dab-c318bdcd75e6.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/99b952f7-5438-417b-9dab-c318bdcd75e6.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/99b952f7-5438-417b-9dab-c318bdcd75e6.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/9a34a20c-afea-4d1e-9109-fb7354066e06.md b/bootloaders.io/content/bootloaders/9a34a20c-afea-4d1e-9109-fb7354066e06.md index 7f13ae9..6a19a65 100644 --- a/bootloaders.io/content/bootloaders/9a34a20c-afea-4d1e-9109-fb7354066e06.md +++ b/bootloaders.io/content/bootloaders/9a34a20c-afea-4d1e-9109-fb7354066e06.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/9a34a20c-afea-4d1e-9109-fb7354066e06.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9a34a20c-afea-4d1e-9109-fb7354066e06.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/9a4cfe78-97aa-4d04-a049-9f0c2d3869c1.md b/bootloaders.io/content/bootloaders/9a4cfe78-97aa-4d04-a049-9f0c2d3869c1.md index 501895a..0a526f2 100644 --- a/bootloaders.io/content/bootloaders/9a4cfe78-97aa-4d04-a049-9f0c2d3869c1.md +++ b/bootloaders.io/content/bootloaders/9a4cfe78-97aa-4d04-a049-9f0c2d3869c1.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/9a4cfe78-97aa-4d04-a049-9f0c2d3869c1.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9a4cfe78-97aa-4d04-a049-9f0c2d3869c1.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/9a8ab464-2a24-4329-ba2f-e9eaeb2edb90.md b/bootloaders.io/content/bootloaders/9a8ab464-2a24-4329-ba2f-e9eaeb2edb90.md index 962a090..bd33ab3 100644 --- a/bootloaders.io/content/bootloaders/9a8ab464-2a24-4329-ba2f-e9eaeb2edb90.md +++ b/bootloaders.io/content/bootloaders/9a8ab464-2a24-4329-ba2f-e9eaeb2edb90.md 
@@ -22,7 +22,7 @@ This was provided by Canonical Ltd and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/9a8ab464-2a24-4329-ba2f-e9eaeb2edb90.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9a8ab464-2a24-4329-ba2f-e9eaeb2edb90.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/9ad7a737-68be-4ce9-9595-30623e887396.md b/bootloaders.io/content/bootloaders/9ad7a737-68be-4ce9-9595-30623e887396.md index 13417fc..661adf2 100644 --- a/bootloaders.io/content/bootloaders/9ad7a737-68be-4ce9-9595-30623e887396.md +++ b/bootloaders.io/content/bootloaders/9ad7a737-68be-4ce9-9595-30623e887396.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/6c1910730f135cbd5a78e3a48520e647.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/6c1910730f135cbd5a78e3a48520e647.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/9ad7a737-68be-4ce9-9595-30623e887396.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9ad7a737-68be-4ce9-9595-30623e887396.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/9ae39650-46fc-402d-a4dc-569ce8411039.md b/bootloaders.io/content/bootloaders/9ae39650-46fc-402d-a4dc-569ce8411039.md index ef64129..7647131 100644 --- a/bootloaders.io/content/bootloaders/9ae39650-46fc-402d-a4dc-569ce8411039.md +++ b/bootloaders.io/content/bootloaders/9ae39650-46fc-402d-a4dc-569ce8411039.md 
@@ -22,7 +22,7 @@ This was provided by NTI Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/e2be3deb5a33615e127a7b2930bb544a.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/e2be3deb5a33615e127a7b2930bb544a.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/9ae39650-46fc-402d-a4dc-569ce8411039.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9ae39650-46fc-402d-a4dc-569ce8411039.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/9b6deeaf-b8bb-4f8e-a8b6-d174312fcb7f.md b/bootloaders.io/content/bootloaders/9b6deeaf-b8bb-4f8e-a8b6-d174312fcb7f.md index 1a12c3d..a24e634 100644 --- a/bootloaders.io/content/bootloaders/9b6deeaf-b8bb-4f8e-a8b6-d174312fcb7f.md +++ b/bootloaders.io/content/bootloaders/9b6deeaf-b8bb-4f8e-a8b6-d174312fcb7f.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/9b6deeaf-b8bb-4f8e-a8b6-d174312fcb7f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9b6deeaf-b8bb-4f8e-a8b6-d174312fcb7f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/9b9f7199-24ed-4372-8247-e420ab0b7937.md b/bootloaders.io/content/bootloaders/9b9f7199-24ed-4372-8247-e420ab0b7937.md index 0718f30..80beffb 100644 --- a/bootloaders.io/content/bootloaders/9b9f7199-24ed-4372-8247-e420ab0b7937.md +++ b/bootloaders.io/content/bootloaders/9b9f7199-24ed-4372-8247-e420ab0b7937.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/9b9f7199-24ed-4372-8247-e420ab0b7937.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9b9f7199-24ed-4372-8247-e420ab0b7937.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/9be3b201-fec5-4264-b56b-81d4535b4c9a.md b/bootloaders.io/content/bootloaders/9be3b201-fec5-4264-b56b-81d4535b4c9a.md index 2b6f7f9..6c5dade 100644 --- a/bootloaders.io/content/bootloaders/9be3b201-fec5-4264-b56b-81d4535b4c9a.md +++ b/bootloaders.io/content/bootloaders/9be3b201-fec5-4264-b56b-81d4535b4c9a.md 
@@ -22,7 +22,7 @@ This was provided by Intel Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/9be3b201-fec5-4264-b56b-81d4535b4c9a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9be3b201-fec5-4264-b56b-81d4535b4c9a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/9d219a02-b011-4466-8b2c-6fd725593454.md b/bootloaders.io/content/bootloaders/9d219a02-b011-4466-8b2c-6fd725593454.md index 975e262..0f5b1a9 100644 --- a/bootloaders.io/content/bootloaders/9d219a02-b011-4466-8b2c-6fd725593454.md +++ b/bootloaders.io/content/bootloaders/9d219a02-b011-4466-8b2c-6fd725593454.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/9d219a02-b011-4466-8b2c-6fd725593454.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9d219a02-b011-4466-8b2c-6fd725593454.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/9d795efb-5f1e-4db5-920d-97de9ba77753.md b/bootloaders.io/content/bootloaders/9d795efb-5f1e-4db5-920d-97de9ba77753.md index 3dde863..6a570de 100644 --- a/bootloaders.io/content/bootloaders/9d795efb-5f1e-4db5-920d-97de9ba77753.md +++ b/bootloaders.io/content/bootloaders/9d795efb-5f1e-4db5-920d-97de9ba77753.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/c73ed000259378b96a9c57c588fc6ef0.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c73ed000259378b96a9c57c588fc6ef0.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/9d795efb-5f1e-4db5-920d-97de9ba77753.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9d795efb-5f1e-4db5-920d-97de9ba77753.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/9e382fdf-568a-4b81-b4ce-58c25f3b2d80.md b/bootloaders.io/content/bootloaders/9e382fdf-568a-4b81-b4ce-58c25f3b2d80.md index 8c4718a..1d47048 100644 --- a/bootloaders.io/content/bootloaders/9e382fdf-568a-4b81-b4ce-58c25f3b2d80.md +++ b/bootloaders.io/content/bootloaders/9e382fdf-568a-4b81-b4ce-58c25f3b2d80.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/9e382fdf-568a-4b81-b4ce-58c25f3b2d80.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9e382fdf-568a-4b81-b4ce-58c25f3b2d80.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/9f95756f-dfcf-48ae-9c0c-8d99f4894e28.md b/bootloaders.io/content/bootloaders/9f95756f-dfcf-48ae-9c0c-8d99f4894e28.md index 88b2373..d7b456e 100644 --- a/bootloaders.io/content/bootloaders/9f95756f-dfcf-48ae-9c0c-8d99f4894e28.md +++ b/bootloaders.io/content/bootloaders/9f95756f-dfcf-48ae-9c0c-8d99f4894e28.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/8000831e91c318757fa911d4c879dc02.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/8000831e91c318757fa911d4c879dc02.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/9f95756f-dfcf-48ae-9c0c-8d99f4894e28.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9f95756f-dfcf-48ae-9c0c-8d99f4894e28.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a1062c3c-45c5-4c75-bbd2-d744c8e3fcb8.md b/bootloaders.io/content/bootloaders/a1062c3c-45c5-4c75-bbd2-d744c8e3fcb8.md index a8d3ac1..becc2ce 100644 --- a/bootloaders.io/content/bootloaders/a1062c3c-45c5-4c75-bbd2-d744c8e3fcb8.md +++ b/bootloaders.io/content/bootloaders/a1062c3c-45c5-4c75-bbd2-d744c8e3fcb8.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a1062c3c-45c5-4c75-bbd2-d744c8e3fcb8.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a1062c3c-45c5-4c75-bbd2-d744c8e3fcb8.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a1a3ef63-ac2d-4613-8918-5bcfd1fc3e40.md b/bootloaders.io/content/bootloaders/a1a3ef63-ac2d-4613-8918-5bcfd1fc3e40.md index 2f6658f..912534a 100644 --- a/bootloaders.io/content/bootloaders/a1a3ef63-ac2d-4613-8918-5bcfd1fc3e40.md +++ b/bootloaders.io/content/bootloaders/a1a3ef63-ac2d-4613-8918-5bcfd1fc3e40.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a1a3ef63-ac2d-4613-8918-5bcfd1fc3e40.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a1a3ef63-ac2d-4613-8918-5bcfd1fc3e40.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a205120a-b99d-4e65-a96d-b8092539c1d7.md b/bootloaders.io/content/bootloaders/a205120a-b99d-4e65-a96d-b8092539c1d7.md index 974fcdb..c233b1b 100644 --- a/bootloaders.io/content/bootloaders/a205120a-b99d-4e65-a96d-b8092539c1d7.md +++ b/bootloaders.io/content/bootloaders/a205120a-b99d-4e65-a96d-b8092539c1d7.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a205120a-b99d-4e65-a96d-b8092539c1d7.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a205120a-b99d-4e65-a96d-b8092539c1d7.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a24fcdef-7393-4141-ae9a-f97fce196c35.md b/bootloaders.io/content/bootloaders/a24fcdef-7393-4141-ae9a-f97fce196c35.md index 167e193..7fb462e 100644 --- a/bootloaders.io/content/bootloaders/a24fcdef-7393-4141-ae9a-f97fce196c35.md +++ b/bootloaders.io/content/bootloaders/a24fcdef-7393-4141-ae9a-f97fce196c35.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a24fcdef-7393-4141-ae9a-f97fce196c35.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a24fcdef-7393-4141-ae9a-f97fce196c35.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a252e6fc-a0e5-46b7-ae78-c11ac44dfecc.md b/bootloaders.io/content/bootloaders/a252e6fc-a0e5-46b7-ae78-c11ac44dfecc.md index bddb62e..f989b07 100644 --- a/bootloaders.io/content/bootloaders/a252e6fc-a0e5-46b7-ae78-c11ac44dfecc.md +++ b/bootloaders.io/content/bootloaders/a252e6fc-a0e5-46b7-ae78-c11ac44dfecc.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/3827b6fa1f4022001328be9d79e33b18.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/3827b6fa1f4022001328be9d79e33b18.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a252e6fc-a0e5-46b7-ae78-c11ac44dfecc.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a252e6fc-a0e5-46b7-ae78-c11ac44dfecc.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a280d6df-a426-4031-8dc8-31473975f92b.md b/bootloaders.io/content/bootloaders/a280d6df-a426-4031-8dc8-31473975f92b.md index 64a302c..a73e735 100644 --- a/bootloaders.io/content/bootloaders/a280d6df-a426-4031-8dc8-31473975f92b.md +++ b/bootloaders.io/content/bootloaders/a280d6df-a426-4031-8dc8-31473975f92b.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a280d6df-a426-4031-8dc8-31473975f92b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a280d6df-a426-4031-8dc8-31473975f92b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a2a7bdd7-c7bd-4195-97d5-a7b127691dfe.md b/bootloaders.io/content/bootloaders/a2a7bdd7-c7bd-4195-97d5-a7b127691dfe.md index 26b61a6..98ed080 100644 --- a/bootloaders.io/content/bootloaders/a2a7bdd7-c7bd-4195-97d5-a7b127691dfe.md +++ b/bootloaders.io/content/bootloaders/a2a7bdd7-c7bd-4195-97d5-a7b127691dfe.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a2a7bdd7-c7bd-4195-97d5-a7b127691dfe.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a2a7bdd7-c7bd-4195-97d5-a7b127691dfe.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a2e0c2d5-a9f3-43f2-83f0-41235cae223d.md b/bootloaders.io/content/bootloaders/a2e0c2d5-a9f3-43f2-83f0-41235cae223d.md index 5304bfb..f63241b 100644 --- a/bootloaders.io/content/bootloaders/a2e0c2d5-a9f3-43f2-83f0-41235cae223d.md +++ b/bootloaders.io/content/bootloaders/a2e0c2d5-a9f3-43f2-83f0-41235cae223d.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a2e0c2d5-a9f3-43f2-83f0-41235cae223d.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a2e0c2d5-a9f3-43f2-83f0-41235cae223d.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a34d1cd4-ad9d-4dda-8e4e-ac86e42a6d92.md b/bootloaders.io/content/bootloaders/a34d1cd4-ad9d-4dda-8e4e-ac86e42a6d92.md index 97111b7..3752308 100644 --- a/bootloaders.io/content/bootloaders/a34d1cd4-ad9d-4dda-8e4e-ac86e42a6d92.md +++ b/bootloaders.io/content/bootloaders/a34d1cd4-ad9d-4dda-8e4e-ac86e42a6d92.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a34d1cd4-ad9d-4dda-8e4e-ac86e42a6d92.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a34d1cd4-ad9d-4dda-8e4e-ac86e42a6d92.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a3bbd629-976b-4804-b5ea-2e62ee592092.md b/bootloaders.io/content/bootloaders/a3bbd629-976b-4804-b5ea-2e62ee592092.md index 02a7ed0..ad12b13 100644 --- a/bootloaders.io/content/bootloaders/a3bbd629-976b-4804-b5ea-2e62ee592092.md +++ b/bootloaders.io/content/bootloaders/a3bbd629-976b-4804-b5ea-2e62ee592092.md 
@@ -22,7 +22,7 @@ This was provided by SEAGATE Technology and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/ca747f0a7e1bcbc51cf4f9cd2a17f9a5.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/ca747f0a7e1bcbc51cf4f9cd2a17f9a5.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a3bbd629-976b-4804-b5ea-2e62ee592092.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a3bbd629-976b-4804-b5ea-2e62ee592092.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a434e53e-5631-4181-bd2e-47c546370f7b.md b/bootloaders.io/content/bootloaders/a434e53e-5631-4181-bd2e-47c546370f7b.md index 415cca7..6ae861e 100644 --- a/bootloaders.io/content/bootloaders/a434e53e-5631-4181-bd2e-47c546370f7b.md +++ b/bootloaders.io/content/bootloaders/a434e53e-5631-4181-bd2e-47c546370f7b.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/7c2bf377d0edb86f010d202d48024145.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/7c2bf377d0edb86f010d202d48024145.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a434e53e-5631-4181-bd2e-47c546370f7b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a434e53e-5631-4181-bd2e-47c546370f7b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a4e079d3-3919-4c47-84ba-9a7d7d1acbe0.md b/bootloaders.io/content/bootloaders/a4e079d3-3919-4c47-84ba-9a7d7d1acbe0.md index 2908e07..482f14e 100644 --- a/bootloaders.io/content/bootloaders/a4e079d3-3919-4c47-84ba-9a7d7d1acbe0.md +++ b/bootloaders.io/content/bootloaders/a4e079d3-3919-4c47-84ba-9a7d7d1acbe0.md 
@@ -22,7 +22,7 @@ This was provided by Intel Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a4e079d3-3919-4c47-84ba-9a7d7d1acbe0.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a4e079d3-3919-4c47-84ba-9a7d7d1acbe0.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a4e64b6f-16b8-43db-af2f-c77daf3f0ca9.md b/bootloaders.io/content/bootloaders/a4e64b6f-16b8-43db-af2f-c77daf3f0ca9.md index 5ac7e55..faa443c 100644 --- a/bootloaders.io/content/bootloaders/a4e64b6f-16b8-43db-af2f-c77daf3f0ca9.md +++ b/bootloaders.io/content/bootloaders/a4e64b6f-16b8-43db-af2f-c77daf3f0ca9.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a4e64b6f-16b8-43db-af2f-c77daf3f0ca9.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a4e64b6f-16b8-43db-af2f-c77daf3f0ca9.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a544e544-0e7e-4fcc-9195-e10564ba5674.md b/bootloaders.io/content/bootloaders/a544e544-0e7e-4fcc-9195-e10564ba5674.md index 94ad39b..3f3c2cd 100644 --- a/bootloaders.io/content/bootloaders/a544e544-0e7e-4fcc-9195-e10564ba5674.md +++ b/bootloaders.io/content/bootloaders/a544e544-0e7e-4fcc-9195-e10564ba5674.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a544e544-0e7e-4fcc-9195-e10564ba5674.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a544e544-0e7e-4fcc-9195-e10564ba5674.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a6597859-17b0-44f9-b8d8-493a0ff20ed9.md b/bootloaders.io/content/bootloaders/a6597859-17b0-44f9-b8d8-493a0ff20ed9.md index 6855e99..80dadb8 100644 --- a/bootloaders.io/content/bootloaders/a6597859-17b0-44f9-b8d8-493a0ff20ed9.md +++ b/bootloaders.io/content/bootloaders/a6597859-17b0-44f9-b8d8-493a0ff20ed9.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a6597859-17b0-44f9-b8d8-493a0ff20ed9.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a6597859-17b0-44f9-b8d8-493a0ff20ed9.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a74084e3-94b3-4674-99c8-e314f7f6241f.md b/bootloaders.io/content/bootloaders/a74084e3-94b3-4674-99c8-e314f7f6241f.md index 029b635..65fe3c7 100644 --- a/bootloaders.io/content/bootloaders/a74084e3-94b3-4674-99c8-e314f7f6241f.md +++ b/bootloaders.io/content/bootloaders/a74084e3-94b3-4674-99c8-e314f7f6241f.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a74084e3-94b3-4674-99c8-e314f7f6241f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a74084e3-94b3-4674-99c8-e314f7f6241f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a77872f7-4890-473d-887f-bfd93f46641d.md b/bootloaders.io/content/bootloaders/a77872f7-4890-473d-887f-bfd93f46641d.md index e974ffd..70e8185 100644 --- a/bootloaders.io/content/bootloaders/a77872f7-4890-473d-887f-bfd93f46641d.md +++ b/bootloaders.io/content/bootloaders/a77872f7-4890-473d-887f-bfd93f46641d.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/6514d19c16df6d0d9cf75bba91350dcc.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/6514d19c16df6d0d9cf75bba91350dcc.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a77872f7-4890-473d-887f-bfd93f46641d.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a77872f7-4890-473d-887f-bfd93f46641d.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a7bf3e37-f600-48ff-82d4-4f1e82c199d2.md b/bootloaders.io/content/bootloaders/a7bf3e37-f600-48ff-82d4-4f1e82c199d2.md index 74b9c32..560ec4b 100644 --- a/bootloaders.io/content/bootloaders/a7bf3e37-f600-48ff-82d4-4f1e82c199d2.md +++ b/bootloaders.io/content/bootloaders/a7bf3e37-f600-48ff-82d4-4f1e82c199d2.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a7bf3e37-f600-48ff-82d4-4f1e82c199d2.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a7bf3e37-f600-48ff-82d4-4f1e82c199d2.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a7cc38fb-91b2-4e2c-a0a9-2a6051c31cb5.md b/bootloaders.io/content/bootloaders/a7cc38fb-91b2-4e2c-a0a9-2a6051c31cb5.md index 9ed516a..c131277 100644 --- a/bootloaders.io/content/bootloaders/a7cc38fb-91b2-4e2c-a0a9-2a6051c31cb5.md +++ b/bootloaders.io/content/bootloaders/a7cc38fb-91b2-4e2c-a0a9-2a6051c31cb5.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a7cc38fb-91b2-4e2c-a0a9-2a6051c31cb5.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a7cc38fb-91b2-4e2c-a0a9-2a6051c31cb5.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a8267643-bd8f-42e9-851a-86b986973758.md b/bootloaders.io/content/bootloaders/a8267643-bd8f-42e9-851a-86b986973758.md index fbf15aa..03d4594 100644 --- a/bootloaders.io/content/bootloaders/a8267643-bd8f-42e9-851a-86b986973758.md +++ b/bootloaders.io/content/bootloaders/a8267643-bd8f-42e9-851a-86b986973758.md 
@@ -22,7 +22,7 @@ This was provided by Oracle Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a8267643-bd8f-42e9-851a-86b986973758.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a8267643-bd8f-42e9-851a-86b986973758.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a93c81ef-3f87-43cd-8d09-67e57167689c.md b/bootloaders.io/content/bootloaders/a93c81ef-3f87-43cd-8d09-67e57167689c.md index 5441884..af72f06 100644 --- a/bootloaders.io/content/bootloaders/a93c81ef-3f87-43cd-8d09-67e57167689c.md +++ b/bootloaders.io/content/bootloaders/a93c81ef-3f87-43cd-8d09-67e57167689c.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a93c81ef-3f87-43cd-8d09-67e57167689c.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a93c81ef-3f87-43cd-8d09-67e57167689c.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a950cc79-4054-4d02-bd8d-3de2165a3721.md b/bootloaders.io/content/bootloaders/a950cc79-4054-4d02-bd8d-3de2165a3721.md index 315047a..d3e18d1 100644 --- a/bootloaders.io/content/bootloaders/a950cc79-4054-4d02-bd8d-3de2165a3721.md +++ b/bootloaders.io/content/bootloaders/a950cc79-4054-4d02-bd8d-3de2165a3721.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a950cc79-4054-4d02-bd8d-3de2165a3721.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a950cc79-4054-4d02-bd8d-3de2165a3721.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/a9874948-be3c-49ba-b6ca-9ff18f01aa9e.md b/bootloaders.io/content/bootloaders/a9874948-be3c-49ba-b6ca-9ff18f01aa9e.md index 82e91d4..6a314a4 100644 --- a/bootloaders.io/content/bootloaders/a9874948-be3c-49ba-b6ca-9ff18f01aa9e.md +++ b/bootloaders.io/content/bootloaders/a9874948-be3c-49ba-b6ca-9ff18f01aa9e.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/a9874948-be3c-49ba-b6ca-9ff18f01aa9e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a9874948-be3c-49ba-b6ca-9ff18f01aa9e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/aa0019cf-ba6c-4a6b-8ea9-3e4494562744.md b/bootloaders.io/content/bootloaders/aa0019cf-ba6c-4a6b-8ea9-3e4494562744.md index 3b2f123..eca213e 100644 --- a/bootloaders.io/content/bootloaders/aa0019cf-ba6c-4a6b-8ea9-3e4494562744.md +++ b/bootloaders.io/content/bootloaders/aa0019cf-ba6c-4a6b-8ea9-3e4494562744.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/f3c14ba5c3670afacd47f0574922b98f.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/f3c14ba5c3670afacd47f0574922b98f.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/aa0019cf-ba6c-4a6b-8ea9-3e4494562744.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/aa0019cf-ba6c-4a6b-8ea9-3e4494562744.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/aa02b41c-fdba-4a15-8cd0-721c8ce19b68.md b/bootloaders.io/content/bootloaders/aa02b41c-fdba-4a15-8cd0-721c8ce19b68.md index bf3ade8..6e6888b 100644 --- a/bootloaders.io/content/bootloaders/aa02b41c-fdba-4a15-8cd0-721c8ce19b68.md +++ b/bootloaders.io/content/bootloaders/aa02b41c-fdba-4a15-8cd0-721c8ce19b68.md 
@@ -22,7 +22,7 @@ This was provided by Eurosoft and revoked Aug-22 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/77164588c1c1207395ca4a64dca19f85.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/77164588c1c1207395ca4a64dca19f85.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -141,10 +141,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -209,7 +211,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/aa02b41c-fdba-4a15-8cd0-721c8ce19b68.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/aa02b41c-fdba-4a15-8cd0-721c8ce19b68.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/aa7f07a3-cedd-4752-b1fd-0e8043dd54e6.md b/bootloaders.io/content/bootloaders/aa7f07a3-cedd-4752-b1fd-0e8043dd54e6.md index 2b88c0e..b7e95ae 100644 --- a/bootloaders.io/content/bootloaders/aa7f07a3-cedd-4752-b1fd-0e8043dd54e6.md +++ b/bootloaders.io/content/bootloaders/aa7f07a3-cedd-4752-b1fd-0e8043dd54e6.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/aa7f07a3-cedd-4752-b1fd-0e8043dd54e6.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/aa7f07a3-cedd-4752-b1fd-0e8043dd54e6.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/aa9b6b05-0b51-423e-b4f7-39cb30cbc987.md b/bootloaders.io/content/bootloaders/aa9b6b05-0b51-423e-b4f7-39cb30cbc987.md index 3a4e96f..d6aa20a 100644 --- a/bootloaders.io/content/bootloaders/aa9b6b05-0b51-423e-b4f7-39cb30cbc987.md +++ b/bootloaders.io/content/bootloaders/aa9b6b05-0b51-423e-b4f7-39cb30cbc987.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/007e746f6aeff8bcb4479e6e49236260.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/007e746f6aeff8bcb4479e6e49236260.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/aa9b6b05-0b51-423e-b4f7-39cb30cbc987.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/aa9b6b05-0b51-423e-b4f7-39cb30cbc987.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/ac6f3137-42fd-46e6-8cfb-a22a6785d529.md b/bootloaders.io/content/bootloaders/ac6f3137-42fd-46e6-8cfb-a22a6785d529.md index 11696b5..31a0447 100644 --- a/bootloaders.io/content/bootloaders/ac6f3137-42fd-46e6-8cfb-a22a6785d529.md +++ b/bootloaders.io/content/bootloaders/ac6f3137-42fd-46e6-8cfb-a22a6785d529.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/1ee7ccaae6df60e3e850ae6c4a3b7478.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/1ee7ccaae6df60e3e850ae6c4a3b7478.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/ac6f3137-42fd-46e6-8cfb-a22a6785d529.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ac6f3137-42fd-46e6-8cfb-a22a6785d529.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/ac900b72-efdd-4779-9a1f-401949c3446f.md b/bootloaders.io/content/bootloaders/ac900b72-efdd-4779-9a1f-401949c3446f.md index bdaa3ff..868004a 100644 --- a/bootloaders.io/content/bootloaders/ac900b72-efdd-4779-9a1f-401949c3446f.md +++ b/bootloaders.io/content/bootloaders/ac900b72-efdd-4779-9a1f-401949c3446f.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/ac900b72-efdd-4779-9a1f-401949c3446f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ac900b72-efdd-4779-9a1f-401949c3446f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/ac90e9e0-2035-46a5-b3fc-f0670e6d0ddd.md b/bootloaders.io/content/bootloaders/ac90e9e0-2035-46a5-b3fc-f0670e6d0ddd.md index 08455b0..ef486b6 100644 --- a/bootloaders.io/content/bootloaders/ac90e9e0-2035-46a5-b3fc-f0670e6d0ddd.md +++ b/bootloaders.io/content/bootloaders/ac90e9e0-2035-46a5-b3fc-f0670e6d0ddd.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/ac90e9e0-2035-46a5-b3fc-f0670e6d0ddd.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ac90e9e0-2035-46a5-b3fc-f0670e6d0ddd.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/ad4ed491-2e8d-4c16-9bad-4352f1ce2f67.md b/bootloaders.io/content/bootloaders/ad4ed491-2e8d-4c16-9bad-4352f1ce2f67.md index 2615efe..98cd3bd 100644 --- a/bootloaders.io/content/bootloaders/ad4ed491-2e8d-4c16-9bad-4352f1ce2f67.md +++ b/bootloaders.io/content/bootloaders/ad4ed491-2e8d-4c16-9bad-4352f1ce2f67.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/ad4ed491-2e8d-4c16-9bad-4352f1ce2f67.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ad4ed491-2e8d-4c16-9bad-4352f1ce2f67.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/ad6add2d-fe39-4ffb-b31d-7dffaf3ef28c.md b/bootloaders.io/content/bootloaders/ad6add2d-fe39-4ffb-b31d-7dffaf3ef28c.md index 5e5b562..9a0ea87 100644 --- a/bootloaders.io/content/bootloaders/ad6add2d-fe39-4ffb-b31d-7dffaf3ef28c.md +++ b/bootloaders.io/content/bootloaders/ad6add2d-fe39-4ffb-b31d-7dffaf3ef28c.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/ad6add2d-fe39-4ffb-b31d-7dffaf3ef28c.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ad6add2d-fe39-4ffb-b31d-7dffaf3ef28c.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/add3eacb-c3b2-4adc-ba76-49ddb1af2ae3.md b/bootloaders.io/content/bootloaders/add3eacb-c3b2-4adc-ba76-49ddb1af2ae3.md index 4096cf5..997eaad 100644 --- a/bootloaders.io/content/bootloaders/add3eacb-c3b2-4adc-ba76-49ddb1af2ae3.md +++ b/bootloaders.io/content/bootloaders/add3eacb-c3b2-4adc-ba76-49ddb1af2ae3.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/add3eacb-c3b2-4adc-ba76-49ddb1af2ae3.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/add3eacb-c3b2-4adc-ba76-49ddb1af2ae3.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71.md b/bootloaders.io/content/bootloaders/ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71.md index daade13..972cffa 100644 --- a/bootloaders.io/content/bootloaders/ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71.md +++ b/bootloaders.io/content/bootloaders/ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/ae5b655b-a592-4d17-bce2-99ef497e846c.md b/bootloaders.io/content/bootloaders/ae5b655b-a592-4d17-bce2-99ef497e846c.md index df63958..1b1dcab 100644 --- a/bootloaders.io/content/bootloaders/ae5b655b-a592-4d17-bce2-99ef497e846c.md +++ b/bootloaders.io/content/bootloaders/ae5b655b-a592-4d17-bce2-99ef497e846c.md 
@@ -22,7 +22,7 @@ This was provided by Oracle Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/5917ac93685b816492c5476071db3871.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/5917ac93685b816492c5476071db3871.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/ae5b655b-a592-4d17-bce2-99ef497e846c.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ae5b655b-a592-4d17-bce2-99ef497e846c.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/ae979b6b-32b7-42cd-b835-09215a457c01.md b/bootloaders.io/content/bootloaders/ae979b6b-32b7-42cd-b835-09215a457c01.md index b4b0dfa..0f43eb0 100644 --- a/bootloaders.io/content/bootloaders/ae979b6b-32b7-42cd-b835-09215a457c01.md +++ b/bootloaders.io/content/bootloaders/ae979b6b-32b7-42cd-b835-09215a457c01.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/ae979b6b-32b7-42cd-b835-09215a457c01.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ae979b6b-32b7-42cd-b835-09215a457c01.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/aeb357f2-c2cb-42f1-a37c-3f0a2a355346.md b/bootloaders.io/content/bootloaders/aeb357f2-c2cb-42f1-a37c-3f0a2a355346.md index 0663e6e..5c225a2 100644 --- a/bootloaders.io/content/bootloaders/aeb357f2-c2cb-42f1-a37c-3f0a2a355346.md +++ b/bootloaders.io/content/bootloaders/aeb357f2-c2cb-42f1-a37c-3f0a2a355346.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/7f0de7a661590f1c33de0b80676e8827.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/7f0de7a661590f1c33de0b80676e8827.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/aeb357f2-c2cb-42f1-a37c-3f0a2a355346.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/aeb357f2-c2cb-42f1-a37c-3f0a2a355346.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/af2bf5be-c938-4852-a9b2-14ecff96c414.md b/bootloaders.io/content/bootloaders/af2bf5be-c938-4852-a9b2-14ecff96c414.md index 4f0ff20..8c50d54 100644 --- a/bootloaders.io/content/bootloaders/af2bf5be-c938-4852-a9b2-14ecff96c414.md +++ b/bootloaders.io/content/bootloaders/af2bf5be-c938-4852-a9b2-14ecff96c414.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/af2bf5be-c938-4852-a9b2-14ecff96c414.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/af2bf5be-c938-4852-a9b2-14ecff96c414.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/af34038a-8535-46ac-8f63-bdf18bb89563.md b/bootloaders.io/content/bootloaders/af34038a-8535-46ac-8f63-bdf18bb89563.md index 610f467..090b5a5 100644 --- a/bootloaders.io/content/bootloaders/af34038a-8535-46ac-8f63-bdf18bb89563.md +++ b/bootloaders.io/content/bootloaders/af34038a-8535-46ac-8f63-bdf18bb89563.md 
@@ -22,7 +22,7 @@ This was provided by Oracle Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/af34038a-8535-46ac-8f63-bdf18bb89563.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/af34038a-8535-46ac-8f63-bdf18bb89563.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/afc98e92-1064-426a-87de-35479bc19474.md b/bootloaders.io/content/bootloaders/afc98e92-1064-426a-87de-35479bc19474.md index 4af5fec..cf63251 100644 --- a/bootloaders.io/content/bootloaders/afc98e92-1064-426a-87de-35479bc19474.md +++ b/bootloaders.io/content/bootloaders/afc98e92-1064-426a-87de-35479bc19474.md 
@@ -22,7 +22,7 @@ This was provided by Oracle America, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/afc98e92-1064-426a-87de-35479bc19474.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/afc98e92-1064-426a-87de-35479bc19474.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/b03177a4-54ec-4449-b30d-f197e75b8b3e.md b/bootloaders.io/content/bootloaders/b03177a4-54ec-4449-b30d-f197e75b8b3e.md index 4083f50..6122ae7 100644 --- a/bootloaders.io/content/bootloaders/b03177a4-54ec-4449-b30d-f197e75b8b3e.md +++ b/bootloaders.io/content/bootloaders/b03177a4-54ec-4449-b30d-f197e75b8b3e.md 
@@ -22,7 +22,7 @@ This was provided by Neverware and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/eaaa74b1ac8f59f8610a8e898de54cf6.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/eaaa74b1ac8f59f8610a8e898de54cf6.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/b03177a4-54ec-4449-b30d-f197e75b8b3e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b03177a4-54ec-4449-b30d-f197e75b8b3e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/b089a9fd-d664-400b-b66c-158cd1848428.md b/bootloaders.io/content/bootloaders/b089a9fd-d664-400b-b66c-158cd1848428.md index 97963ed..4ef19f5 100644 --- a/bootloaders.io/content/bootloaders/b089a9fd-d664-400b-b66c-158cd1848428.md +++ b/bootloaders.io/content/bootloaders/b089a9fd-d664-400b-b66c-158cd1848428.md 
@@ -22,7 +22,7 @@ This was provided by Intel Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/b089a9fd-d664-400b-b66c-158cd1848428.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b089a9fd-d664-400b-b66c-158cd1848428.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/b0db7258-fe95-4712-ae0f-fe258342295b.md b/bootloaders.io/content/bootloaders/b0db7258-fe95-4712-ae0f-fe258342295b.md index 0266ee4..6218970 100644 --- a/bootloaders.io/content/bootloaders/b0db7258-fe95-4712-ae0f-fe258342295b.md +++ b/bootloaders.io/content/bootloaders/b0db7258-fe95-4712-ae0f-fe258342295b.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/b0db7258-fe95-4712-ae0f-fe258342295b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b0db7258-fe95-4712-ae0f-fe258342295b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/b1d65631-7072-4168-b25a-5e18d41b3410.md b/bootloaders.io/content/bootloaders/b1d65631-7072-4168-b25a-5e18d41b3410.md index afd859f..b841c8b 100644 --- a/bootloaders.io/content/bootloaders/b1d65631-7072-4168-b25a-5e18d41b3410.md +++ b/bootloaders.io/content/bootloaders/b1d65631-7072-4168-b25a-5e18d41b3410.md 
@@ -22,7 +22,7 @@ This was provided by Canonical Ltd and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/a27c33dada320aff0672ce32f953ffbc.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/a27c33dada320aff0672ce32f953ffbc.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -116,10 +116,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -139,7 +141,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/b1d65631-7072-4168-b25a-5e18d41b3410.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b1d65631-7072-4168-b25a-5e18d41b3410.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/b1ed132f-d99d-4616-9fa6-56b6e8e814f6.md b/bootloaders.io/content/bootloaders/b1ed132f-d99d-4616-9fa6-56b6e8e814f6.md index 159c539..eec7a58 100644 --- a/bootloaders.io/content/bootloaders/b1ed132f-d99d-4616-9fa6-56b6e8e814f6.md +++ b/bootloaders.io/content/bootloaders/b1ed132f-d99d-4616-9fa6-56b6e8e814f6.md 
@@ -22,7 +22,7 @@ This was provided by Eurosoft and revoked Aug-22 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/7e05f116825f8e60072443b813e6192e.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/7e05f116825f8e60072443b813e6192e.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -141,10 +141,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -209,7 +211,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/b1ed132f-d99d-4616-9fa6-56b6e8e814f6.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b1ed132f-d99d-4616-9fa6-56b6e8e814f6.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/b262ea41-bb3c-4682-9a8d-a4e52e495c6c.md b/bootloaders.io/content/bootloaders/b262ea41-bb3c-4682-9a8d-a4e52e495c6c.md index 192329a..2b87e2e 100644 --- a/bootloaders.io/content/bootloaders/b262ea41-bb3c-4682-9a8d-a4e52e495c6c.md +++ b/bootloaders.io/content/bootloaders/b262ea41-bb3c-4682-9a8d-a4e52e495c6c.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/7f5843d48a960315b047e5231470e1b6.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/7f5843d48a960315b047e5231470e1b6.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/b262ea41-bb3c-4682-9a8d-a4e52e495c6c.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b262ea41-bb3c-4682-9a8d-a4e52e495c6c.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/b2be4369-0672-4a82-96df-ee4d208d3352.md b/bootloaders.io/content/bootloaders/b2be4369-0672-4a82-96df-ee4d208d3352.md index 05873da..bbb7cad 100644 --- a/bootloaders.io/content/bootloaders/b2be4369-0672-4a82-96df-ee4d208d3352.md +++ b/bootloaders.io/content/bootloaders/b2be4369-0672-4a82-96df-ee4d208d3352.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/b2be4369-0672-4a82-96df-ee4d208d3352.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b2be4369-0672-4a82-96df-ee4d208d3352.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/b3a8852a-b702-419a-9d1c-4b371a130474.md b/bootloaders.io/content/bootloaders/b3a8852a-b702-419a-9d1c-4b371a130474.md index 04d1560..fc61786 100644 --- a/bootloaders.io/content/bootloaders/b3a8852a-b702-419a-9d1c-4b371a130474.md +++ b/bootloaders.io/content/bootloaders/b3a8852a-b702-419a-9d1c-4b371a130474.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/b3a8852a-b702-419a-9d1c-4b371a130474.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b3a8852a-b702-419a-9d1c-4b371a130474.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/b3b0f086-0c9c-4e10-b65c-47509c6f0dfb.md b/bootloaders.io/content/bootloaders/b3b0f086-0c9c-4e10-b65c-47509c6f0dfb.md index 9318fe8..7fe9960 100644 --- a/bootloaders.io/content/bootloaders/b3b0f086-0c9c-4e10-b65c-47509c6f0dfb.md +++ b/bootloaders.io/content/bootloaders/b3b0f086-0c9c-4e10-b65c-47509c6f0dfb.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/fe08109ce34ae68fed49348549b9ead1.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/fe08109ce34ae68fed49348549b9ead1.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/b3b0f086-0c9c-4e10-b65c-47509c6f0dfb.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b3b0f086-0c9c-4e10-b65c-47509c6f0dfb.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/b3ceecb6-6bb6-43fa-9ab3-8ba2d6647443.md b/bootloaders.io/content/bootloaders/b3ceecb6-6bb6-43fa-9ab3-8ba2d6647443.md index 4eca86b..ede0637 100644 --- a/bootloaders.io/content/bootloaders/b3ceecb6-6bb6-43fa-9ab3-8ba2d6647443.md +++ b/bootloaders.io/content/bootloaders/b3ceecb6-6bb6-43fa-9ab3-8ba2d6647443.md 
@@ -22,7 +22,7 @@ This was provided by Micron Technology and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/d407a4d3a9887218394aa73e94ffbde5.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/d407a4d3a9887218394aa73e94ffbde5.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/b3ceecb6-6bb6-43fa-9ab3-8ba2d6647443.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b3ceecb6-6bb6-43fa-9ab3-8ba2d6647443.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/b3f78afd-8a4f-444e-8561-b32a5d6015f1.md b/bootloaders.io/content/bootloaders/b3f78afd-8a4f-444e-8561-b32a5d6015f1.md index 9c42d3d..27e484e 100644 --- a/bootloaders.io/content/bootloaders/b3f78afd-8a4f-444e-8561-b32a5d6015f1.md +++ b/bootloaders.io/content/bootloaders/b3f78afd-8a4f-444e-8561-b32a5d6015f1.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/b3f78afd-8a4f-444e-8561-b32a5d6015f1.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b3f78afd-8a4f-444e-8561-b32a5d6015f1.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/b429b35f-a9c3-4de9-a7be-da2b2c688a02.md b/bootloaders.io/content/bootloaders/b429b35f-a9c3-4de9-a7be-da2b2c688a02.md index 86570f0..6790cac 100644 --- a/bootloaders.io/content/bootloaders/b429b35f-a9c3-4de9-a7be-da2b2c688a02.md +++ b/bootloaders.io/content/bootloaders/b429b35f-a9c3-4de9-a7be-da2b2c688a02.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/b429b35f-a9c3-4de9-a7be-da2b2c688a02.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b429b35f-a9c3-4de9-a7be-da2b2c688a02.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/b42db55a-4520-493a-81ec-42002887ea96.md b/bootloaders.io/content/bootloaders/b42db55a-4520-493a-81ec-42002887ea96.md index 464fcfe..4e1d571 100644 --- a/bootloaders.io/content/bootloaders/b42db55a-4520-493a-81ec-42002887ea96.md +++ b/bootloaders.io/content/bootloaders/b42db55a-4520-493a-81ec-42002887ea96.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/7f0de7a661590f1c33de0b80676e8827.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/7f0de7a661590f1c33de0b80676e8827.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/b42db55a-4520-493a-81ec-42002887ea96.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b42db55a-4520-493a-81ec-42002887ea96.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/b59f1e98-72fb-4ccf-a651-bf9318f14150.md b/bootloaders.io/content/bootloaders/b59f1e98-72fb-4ccf-a651-bf9318f14150.md index aead0b7..8bd38f1 100644 --- a/bootloaders.io/content/bootloaders/b59f1e98-72fb-4ccf-a651-bf9318f14150.md +++ b/bootloaders.io/content/bootloaders/b59f1e98-72fb-4ccf-a651-bf9318f14150.md 
@@ -22,7 +22,7 @@ This was provided by Endless OS and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/7661abbf92a68466a3562ec887365e6a.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/7661abbf92a68466a3562ec887365e6a.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/b59f1e98-72fb-4ccf-a651-bf9318f14150.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b59f1e98-72fb-4ccf-a651-bf9318f14150.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/b6967d5b-ea2b-4a4b-b24c-63a8eb8dedcd.md b/bootloaders.io/content/bootloaders/b6967d5b-ea2b-4a4b-b24c-63a8eb8dedcd.md index 2670cf4..72d839c 100644 --- a/bootloaders.io/content/bootloaders/b6967d5b-ea2b-4a4b-b24c-63a8eb8dedcd.md +++ b/bootloaders.io/content/bootloaders/b6967d5b-ea2b-4a4b-b24c-63a8eb8dedcd.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/b6967d5b-ea2b-4a4b-b24c-63a8eb8dedcd.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b6967d5b-ea2b-4a4b-b24c-63a8eb8dedcd.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/b7909152-9a87-4045-9aca-ae18890b2b71.md b/bootloaders.io/content/bootloaders/b7909152-9a87-4045-9aca-ae18890b2b71.md index 3db8587..576bc68 100644 --- a/bootloaders.io/content/bootloaders/b7909152-9a87-4045-9aca-ae18890b2b71.md +++ b/bootloaders.io/content/bootloaders/b7909152-9a87-4045-9aca-ae18890b2b71.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/b7909152-9a87-4045-9aca-ae18890b2b71.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b7909152-9a87-4045-9aca-ae18890b2b71.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/b7f9ffcf-525f-427e-b3fd-72289f61ffd3.md b/bootloaders.io/content/bootloaders/b7f9ffcf-525f-427e-b3fd-72289f61ffd3.md index df80bc6..ec1c54d 100644 --- a/bootloaders.io/content/bootloaders/b7f9ffcf-525f-427e-b3fd-72289f61ffd3.md +++ b/bootloaders.io/content/bootloaders/b7f9ffcf-525f-427e-b3fd-72289f61ffd3.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/b7f9ffcf-525f-427e-b3fd-72289f61ffd3.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b7f9ffcf-525f-427e-b3fd-72289f61ffd3.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/b842b745-24ab-4f75-a302-5d4c4bf0101b.md b/bootloaders.io/content/bootloaders/b842b745-24ab-4f75-a302-5d4c4bf0101b.md index 5ad6220..89649c6 100644 --- a/bootloaders.io/content/bootloaders/b842b745-24ab-4f75-a302-5d4c4bf0101b.md +++ b/bootloaders.io/content/bootloaders/b842b745-24ab-4f75-a302-5d4c4bf0101b.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/b842b745-24ab-4f75-a302-5d4c4bf0101b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b842b745-24ab-4f75-a302-5d4c4bf0101b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/b8cfe531-3969-4203-a575-fec35e4880fd.md b/bootloaders.io/content/bootloaders/b8cfe531-3969-4203-a575-fec35e4880fd.md index 4d91396..1752373 100644 --- a/bootloaders.io/content/bootloaders/b8cfe531-3969-4203-a575-fec35e4880fd.md +++ b/bootloaders.io/content/bootloaders/b8cfe531-3969-4203-a575-fec35e4880fd.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/b8cfe531-3969-4203-a575-fec35e4880fd.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b8cfe531-3969-4203-a575-fec35e4880fd.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/bab3bdab-1013-4418-bb3c-2ec673c8b6f5.md b/bootloaders.io/content/bootloaders/bab3bdab-1013-4418-bb3c-2ec673c8b6f5.md index 7d57b62..f9983c4 100644 --- a/bootloaders.io/content/bootloaders/bab3bdab-1013-4418-bb3c-2ec673c8b6f5.md +++ b/bootloaders.io/content/bootloaders/bab3bdab-1013-4418-bb3c-2ec673c8b6f5.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/bab3bdab-1013-4418-bb3c-2ec673c8b6f5.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bab3bdab-1013-4418-bb3c-2ec673c8b6f5.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/bbc2661b-25de-4c4b-ac84-367115d44e8c.md b/bootloaders.io/content/bootloaders/bbc2661b-25de-4c4b-ac84-367115d44e8c.md index d74befd..59c77de 100644 --- a/bootloaders.io/content/bootloaders/bbc2661b-25de-4c4b-ac84-367115d44e8c.md +++ b/bootloaders.io/content/bootloaders/bbc2661b-25de-4c4b-ac84-367115d44e8c.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/bbc2661b-25de-4c4b-ac84-367115d44e8c.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bbc2661b-25de-4c4b-ac84-367115d44e8c.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/bbd79406-168c-449a-8206-9927288fefd4.md b/bootloaders.io/content/bootloaders/bbd79406-168c-449a-8206-9927288fefd4.md index dde2373..ff67e8e 100644 --- a/bootloaders.io/content/bootloaders/bbd79406-168c-449a-8206-9927288fefd4.md +++ b/bootloaders.io/content/bootloaders/bbd79406-168c-449a-8206-9927288fefd4.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/bbd79406-168c-449a-8206-9927288fefd4.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bbd79406-168c-449a-8206-9927288fefd4.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/bc584a7b-f352-4e0a-b86e-7954c4b63d2e.md b/bootloaders.io/content/bootloaders/bc584a7b-f352-4e0a-b86e-7954c4b63d2e.md index 461027b..4ea8750 100644 --- a/bootloaders.io/content/bootloaders/bc584a7b-f352-4e0a-b86e-7954c4b63d2e.md +++ b/bootloaders.io/content/bootloaders/bc584a7b-f352-4e0a-b86e-7954c4b63d2e.md 
@@ -22,7 +22,7 @@ This was provided by Canonical Ltd and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/bc584a7b-f352-4e0a-b86e-7954c4b63d2e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bc584a7b-f352-4e0a-b86e-7954c4b63d2e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/bca306da-15be-48c3-8a55-3165085410b9.md b/bootloaders.io/content/bootloaders/bca306da-15be-48c3-8a55-3165085410b9.md index 6aeef10..ca8c4dd 100644 --- a/bootloaders.io/content/bootloaders/bca306da-15be-48c3-8a55-3165085410b9.md +++ b/bootloaders.io/content/bootloaders/bca306da-15be-48c3-8a55-3165085410b9.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/bca306da-15be-48c3-8a55-3165085410b9.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bca306da-15be-48c3-8a55-3165085410b9.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/bcd750be-01b1-4b34-b7a5-065af773d063.md b/bootloaders.io/content/bootloaders/bcd750be-01b1-4b34-b7a5-065af773d063.md index 669e582..e86c8b3 100644 --- a/bootloaders.io/content/bootloaders/bcd750be-01b1-4b34-b7a5-065af773d063.md +++ b/bootloaders.io/content/bootloaders/bcd750be-01b1-4b34-b7a5-065af773d063.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/bcd750be-01b1-4b34-b7a5-065af773d063.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bcd750be-01b1-4b34-b7a5-065af773d063.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/bcda745b-c931-494a-bf26-4dfd7c824ee9.md b/bootloaders.io/content/bootloaders/bcda745b-c931-494a-bf26-4dfd7c824ee9.md index bb8a21a..d9ed99b 100644 --- a/bootloaders.io/content/bootloaders/bcda745b-c931-494a-bf26-4dfd7c824ee9.md +++ b/bootloaders.io/content/bootloaders/bcda745b-c931-494a-bf26-4dfd7c824ee9.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/bcda745b-c931-494a-bf26-4dfd7c824ee9.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bcda745b-c931-494a-bf26-4dfd7c824ee9.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/bf069911-444a-4972-8961-140fd7897324.md b/bootloaders.io/content/bootloaders/bf069911-444a-4972-8961-140fd7897324.md index fe7e5a9..36a81f3 100644 --- a/bootloaders.io/content/bootloaders/bf069911-444a-4972-8961-140fd7897324.md +++ b/bootloaders.io/content/bootloaders/bf069911-444a-4972-8961-140fd7897324.md 
@@ -22,7 +22,7 @@ This was provided by Oracle Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/bf069911-444a-4972-8961-140fd7897324.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bf069911-444a-4972-8961-140fd7897324.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/bf3c5a6b-8fac-470b-a458-c84e7fed7dc7.md b/bootloaders.io/content/bootloaders/bf3c5a6b-8fac-470b-a458-c84e7fed7dc7.md index 4fdc6f2..3547ba0 100644 --- a/bootloaders.io/content/bootloaders/bf3c5a6b-8fac-470b-a458-c84e7fed7dc7.md +++ b/bootloaders.io/content/bootloaders/bf3c5a6b-8fac-470b-a458-c84e7fed7dc7.md 
@@ -22,7 +22,7 @@ This was provided by Intel Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/bf3c5a6b-8fac-470b-a458-c84e7fed7dc7.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bf3c5a6b-8fac-470b-a458-c84e7fed7dc7.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/bf8069da-0ffc-463d-b17c-3e0ee49d0585.md b/bootloaders.io/content/bootloaders/bf8069da-0ffc-463d-b17c-3e0ee49d0585.md index 08327f3..e1d4e5e 100644 --- a/bootloaders.io/content/bootloaders/bf8069da-0ffc-463d-b17c-3e0ee49d0585.md +++ b/bootloaders.io/content/bootloaders/bf8069da-0ffc-463d-b17c-3e0ee49d0585.md 
@@ -22,7 +22,7 @@ This was provided by Alt Linux LTD and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/bf8069da-0ffc-463d-b17c-3e0ee49d0585.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bf8069da-0ffc-463d-b17c-3e0ee49d0585.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/bfdc85a7-3cc9-4d18-b798-0fd82f9c5e85.md b/bootloaders.io/content/bootloaders/bfdc85a7-3cc9-4d18-b798-0fd82f9c5e85.md index 234cdbc..0f59c96 100644 --- a/bootloaders.io/content/bootloaders/bfdc85a7-3cc9-4d18-b798-0fd82f9c5e85.md +++ b/bootloaders.io/content/bootloaders/bfdc85a7-3cc9-4d18-b798-0fd82f9c5e85.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/bfdc85a7-3cc9-4d18-b798-0fd82f9c5e85.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bfdc85a7-3cc9-4d18-b798-0fd82f9c5e85.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c045cb03-9cfb-4ef9-b058-6734090e1dda.md b/bootloaders.io/content/bootloaders/c045cb03-9cfb-4ef9-b058-6734090e1dda.md index e378866..94f0395 100644 --- a/bootloaders.io/content/bootloaders/c045cb03-9cfb-4ef9-b058-6734090e1dda.md +++ b/bootloaders.io/content/bootloaders/c045cb03-9cfb-4ef9-b058-6734090e1dda.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c045cb03-9cfb-4ef9-b058-6734090e1dda.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c045cb03-9cfb-4ef9-b058-6734090e1dda.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c10b8a2d-9bdd-46c5-bbdb-177f88c7794f.md b/bootloaders.io/content/bootloaders/c10b8a2d-9bdd-46c5-bbdb-177f88c7794f.md index 70b3417..1c6b37a 100644 --- a/bootloaders.io/content/bootloaders/c10b8a2d-9bdd-46c5-bbdb-177f88c7794f.md +++ b/bootloaders.io/content/bootloaders/c10b8a2d-9bdd-46c5-bbdb-177f88c7794f.md 
@@ -22,7 +22,7 @@ This was provided by vmware and revoked Aug-22 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c10b8a2d-9bdd-46c5-bbdb-177f88c7794f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c10b8a2d-9bdd-46c5-bbdb-177f88c7794f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c1e70cfa-8b21-4b51-8b94-9a06bb4b5550.md b/bootloaders.io/content/bootloaders/c1e70cfa-8b21-4b51-8b94-9a06bb4b5550.md index 78c7147..96c3cbb 100644 --- a/bootloaders.io/content/bootloaders/c1e70cfa-8b21-4b51-8b94-9a06bb4b5550.md +++ b/bootloaders.io/content/bootloaders/c1e70cfa-8b21-4b51-8b94-9a06bb4b5550.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c1e70cfa-8b21-4b51-8b94-9a06bb4b5550.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c1e70cfa-8b21-4b51-8b94-9a06bb4b5550.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c2ba98da-826c-45bb-bb56-09db34e78fe0.md b/bootloaders.io/content/bootloaders/c2ba98da-826c-45bb-bb56-09db34e78fe0.md index de621c3..bcc41d0 100644 --- a/bootloaders.io/content/bootloaders/c2ba98da-826c-45bb-bb56-09db34e78fe0.md +++ b/bootloaders.io/content/bootloaders/c2ba98da-826c-45bb-bb56-09db34e78fe0.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/cefe4b51ab58c74a20f0302fca66bd03.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/cefe4b51ab58c74a20f0302fca66bd03.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c2ba98da-826c-45bb-bb56-09db34e78fe0.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c2ba98da-826c-45bb-bb56-09db34e78fe0.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c2c1c3d4-441d-4ce1-92c9-094411b3bf09.md b/bootloaders.io/content/bootloaders/c2c1c3d4-441d-4ce1-92c9-094411b3bf09.md index acf515f..b601333 100644 --- a/bootloaders.io/content/bootloaders/c2c1c3d4-441d-4ce1-92c9-094411b3bf09.md +++ b/bootloaders.io/content/bootloaders/c2c1c3d4-441d-4ce1-92c9-094411b3bf09.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c2c1c3d4-441d-4ce1-92c9-094411b3bf09.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c2c1c3d4-441d-4ce1-92c9-094411b3bf09.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c2d12b91-7e1e-403c-8d76-9664229a68c0.md b/bootloaders.io/content/bootloaders/c2d12b91-7e1e-403c-8d76-9664229a68c0.md index 90263d4..ae2333c 100644 --- a/bootloaders.io/content/bootloaders/c2d12b91-7e1e-403c-8d76-9664229a68c0.md +++ b/bootloaders.io/content/bootloaders/c2d12b91-7e1e-403c-8d76-9664229a68c0.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c2d12b91-7e1e-403c-8d76-9664229a68c0.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c2d12b91-7e1e-403c-8d76-9664229a68c0.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c348343b-faea-4c60-a0bd-c140a51ca9f0.md b/bootloaders.io/content/bootloaders/c348343b-faea-4c60-a0bd-c140a51ca9f0.md index 03df01b..3535d50 100644 --- a/bootloaders.io/content/bootloaders/c348343b-faea-4c60-a0bd-c140a51ca9f0.md +++ b/bootloaders.io/content/bootloaders/c348343b-faea-4c60-a0bd-c140a51ca9f0.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c348343b-faea-4c60-a0bd-c140a51ca9f0.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c348343b-faea-4c60-a0bd-c140a51ca9f0.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c368c62d-85dc-4bc7-8302-09be91700a9f.md b/bootloaders.io/content/bootloaders/c368c62d-85dc-4bc7-8302-09be91700a9f.md index 0291aad..3b50d54 100644 --- a/bootloaders.io/content/bootloaders/c368c62d-85dc-4bc7-8302-09be91700a9f.md +++ b/bootloaders.io/content/bootloaders/c368c62d-85dc-4bc7-8302-09be91700a9f.md 
@@ -22,7 +22,7 @@ This was provided by VMware Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c368c62d-85dc-4bc7-8302-09be91700a9f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c368c62d-85dc-4bc7-8302-09be91700a9f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c4189bae-54f2-4fe5-8978-dc3e1ddc20ee.md b/bootloaders.io/content/bootloaders/c4189bae-54f2-4fe5-8978-dc3e1ddc20ee.md index cb0ae5a..546d054 100644 --- a/bootloaders.io/content/bootloaders/c4189bae-54f2-4fe5-8978-dc3e1ddc20ee.md +++ b/bootloaders.io/content/bootloaders/c4189bae-54f2-4fe5-8978-dc3e1ddc20ee.md 
@@ -22,7 +22,7 @@ This was provided by Fedora Project and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c4189bae-54f2-4fe5-8978-dc3e1ddc20ee.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c4189bae-54f2-4fe5-8978-dc3e1ddc20ee.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c54ad511-bb85-42f4-ae87-e476854748b9.md b/bootloaders.io/content/bootloaders/c54ad511-bb85-42f4-ae87-e476854748b9.md index 228c134..262e1c5 100644 --- a/bootloaders.io/content/bootloaders/c54ad511-bb85-42f4-ae87-e476854748b9.md +++ b/bootloaders.io/content/bootloaders/c54ad511-bb85-42f4-ae87-e476854748b9.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c54ad511-bb85-42f4-ae87-e476854748b9.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c54ad511-bb85-42f4-ae87-e476854748b9.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c5c530c2-b0e2-440b-98c4-3ae3a9581479.md b/bootloaders.io/content/bootloaders/c5c530c2-b0e2-440b-98c4-3ae3a9581479.md index 46dfd82..7d00768 100644 --- a/bootloaders.io/content/bootloaders/c5c530c2-b0e2-440b-98c4-3ae3a9581479.md +++ b/bootloaders.io/content/bootloaders/c5c530c2-b0e2-440b-98c4-3ae3a9581479.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c5c530c2-b0e2-440b-98c4-3ae3a9581479.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c5c530c2-b0e2-440b-98c4-3ae3a9581479.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c632b521-0428-4bcd-b37c-3cbd25eccc0e.md b/bootloaders.io/content/bootloaders/c632b521-0428-4bcd-b37c-3cbd25eccc0e.md index 61b04ca..2150231 100644 --- a/bootloaders.io/content/bootloaders/c632b521-0428-4bcd-b37c-3cbd25eccc0e.md +++ b/bootloaders.io/content/bootloaders/c632b521-0428-4bcd-b37c-3cbd25eccc0e.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c632b521-0428-4bcd-b37c-3cbd25eccc0e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c632b521-0428-4bcd-b37c-3cbd25eccc0e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c67be7e5-8f3c-460a-b4ff-174ba2a0fb6d.md b/bootloaders.io/content/bootloaders/c67be7e5-8f3c-460a-b4ff-174ba2a0fb6d.md index 4428f86..870eae8 100644 --- a/bootloaders.io/content/bootloaders/c67be7e5-8f3c-460a-b4ff-174ba2a0fb6d.md +++ b/bootloaders.io/content/bootloaders/c67be7e5-8f3c-460a-b4ff-174ba2a0fb6d.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c67be7e5-8f3c-460a-b4ff-174ba2a0fb6d.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c67be7e5-8f3c-460a-b4ff-174ba2a0fb6d.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c748db0c-0a54-4567-a733-2f803c84a914.md b/bootloaders.io/content/bootloaders/c748db0c-0a54-4567-a733-2f803c84a914.md index a771726..3104bab 100644 --- a/bootloaders.io/content/bootloaders/c748db0c-0a54-4567-a733-2f803c84a914.md +++ b/bootloaders.io/content/bootloaders/c748db0c-0a54-4567-a733-2f803c84a914.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c748db0c-0a54-4567-a733-2f803c84a914.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c748db0c-0a54-4567-a733-2f803c84a914.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c7e48901-5dda-4d9a-b064-9ec8e51efc06.md b/bootloaders.io/content/bootloaders/c7e48901-5dda-4d9a-b064-9ec8e51efc06.md index b80e834..7a73b74 100644 --- a/bootloaders.io/content/bootloaders/c7e48901-5dda-4d9a-b064-9ec8e51efc06.md +++ b/bootloaders.io/content/bootloaders/c7e48901-5dda-4d9a-b064-9ec8e51efc06.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c7e48901-5dda-4d9a-b064-9ec8e51efc06.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c7e48901-5dda-4d9a-b064-9ec8e51efc06.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c7f3ce1c-9b48-4d6e-b769-4a2869e09bb4.md b/bootloaders.io/content/bootloaders/c7f3ce1c-9b48-4d6e-b769-4a2869e09bb4.md index acb1dfe..465f5cb 100644 --- a/bootloaders.io/content/bootloaders/c7f3ce1c-9b48-4d6e-b769-4a2869e09bb4.md +++ b/bootloaders.io/content/bootloaders/c7f3ce1c-9b48-4d6e-b769-4a2869e09bb4.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c7f3ce1c-9b48-4d6e-b769-4a2869e09bb4.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c7f3ce1c-9b48-4d6e-b769-4a2869e09bb4.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c8069469-51c7-44c5-8032-1d2fde34f8d3.md b/bootloaders.io/content/bootloaders/c8069469-51c7-44c5-8032-1d2fde34f8d3.md index d48c27a..55fd593 100644 --- a/bootloaders.io/content/bootloaders/c8069469-51c7-44c5-8032-1d2fde34f8d3.md +++ b/bootloaders.io/content/bootloaders/c8069469-51c7-44c5-8032-1d2fde34f8d3.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c8069469-51c7-44c5-8032-1d2fde34f8d3.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c8069469-51c7-44c5-8032-1d2fde34f8d3.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c818cbe0-bc64-4557-a266-570214ebaaa8.md b/bootloaders.io/content/bootloaders/c818cbe0-bc64-4557-a266-570214ebaaa8.md index ab3125d..75ced53 100644 --- a/bootloaders.io/content/bootloaders/c818cbe0-bc64-4557-a266-570214ebaaa8.md +++ b/bootloaders.io/content/bootloaders/c818cbe0-bc64-4557-a266-570214ebaaa8.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c818cbe0-bc64-4557-a266-570214ebaaa8.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c818cbe0-bc64-4557-a266-570214ebaaa8.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c8440951-fa74-42e2-bee5-4a70db2dec53.md b/bootloaders.io/content/bootloaders/c8440951-fa74-42e2-bee5-4a70db2dec53.md index 9d41086..dcc3c78 100644 --- a/bootloaders.io/content/bootloaders/c8440951-fa74-42e2-bee5-4a70db2dec53.md +++ b/bootloaders.io/content/bootloaders/c8440951-fa74-42e2-bee5-4a70db2dec53.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/958ceee3668f4eff01fb29d03518b49e.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/958ceee3668f4eff01fb29d03518b49e.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c8440951-fa74-42e2-bee5-4a70db2dec53.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c8440951-fa74-42e2-bee5-4a70db2dec53.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c8bbda28-7392-4588-a899-755c58de432b.md b/bootloaders.io/content/bootloaders/c8bbda28-7392-4588-a899-755c58de432b.md index 7fd11aa..d276919 100644 --- a/bootloaders.io/content/bootloaders/c8bbda28-7392-4588-a899-755c58de432b.md +++ b/bootloaders.io/content/bootloaders/c8bbda28-7392-4588-a899-755c58de432b.md 
@@ -22,7 +22,7 @@ This was provided by Canonical Ltd and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/8712d45e1ae024cb45067ad5918e12da.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/8712d45e1ae024cb45067ad5918e12da.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -116,10 +116,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -139,7 +141,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c8bbda28-7392-4588-a899-755c58de432b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c8bbda28-7392-4588-a899-755c58de432b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c8d926b0-b5a4-4960-b951-1f4cfffd940e.md b/bootloaders.io/content/bootloaders/c8d926b0-b5a4-4960-b951-1f4cfffd940e.md index e10876b..2e8c49b 100644 --- a/bootloaders.io/content/bootloaders/c8d926b0-b5a4-4960-b951-1f4cfffd940e.md +++ b/bootloaders.io/content/bootloaders/c8d926b0-b5a4-4960-b951-1f4cfffd940e.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/09287aecf07aa294ed7f76f2234270a9.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/09287aecf07aa294ed7f76f2234270a9.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c8d926b0-b5a4-4960-b951-1f4cfffd940e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c8d926b0-b5a4-4960-b951-1f4cfffd940e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c900de9c-b4b1-40b1-b106-db0845396462.md b/bootloaders.io/content/bootloaders/c900de9c-b4b1-40b1-b106-db0845396462.md index b5ef8e1..3942d5c 100644 --- a/bootloaders.io/content/bootloaders/c900de9c-b4b1-40b1-b106-db0845396462.md +++ b/bootloaders.io/content/bootloaders/c900de9c-b4b1-40b1-b106-db0845396462.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c900de9c-b4b1-40b1-b106-db0845396462.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c900de9c-b4b1-40b1-b106-db0845396462.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd.md b/bootloaders.io/content/bootloaders/c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd.md index 0392a3e..21158b0 100644 --- a/bootloaders.io/content/bootloaders/c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd.md +++ b/bootloaders.io/content/bootloaders/c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/c9f24d64-ce8c-460c-a5b9-13c1082de5c5.md b/bootloaders.io/content/bootloaders/c9f24d64-ce8c-460c-a5b9-13c1082de5c5.md index 33934cc..b6e3696 100644 --- a/bootloaders.io/content/bootloaders/c9f24d64-ce8c-460c-a5b9-13c1082de5c5.md +++ b/bootloaders.io/content/bootloaders/c9f24d64-ce8c-460c-a5b9-13c1082de5c5.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/c9f24d64-ce8c-460c-a5b9-13c1082de5c5.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c9f24d64-ce8c-460c-a5b9-13c1082de5c5.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/ca53fb23-c94b-436c-9066-079bd6480ae7.md b/bootloaders.io/content/bootloaders/ca53fb23-c94b-436c-9066-079bd6480ae7.md index eb6d265..f2bfe35 100644 --- a/bootloaders.io/content/bootloaders/ca53fb23-c94b-436c-9066-079bd6480ae7.md +++ b/bootloaders.io/content/bootloaders/ca53fb23-c94b-436c-9066-079bd6480ae7.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/ca53fb23-c94b-436c-9066-079bd6480ae7.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ca53fb23-c94b-436c-9066-079bd6480ae7.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/ca7157a0-3de8-4642-95b6-0a42c53a97b3.md b/bootloaders.io/content/bootloaders/ca7157a0-3de8-4642-95b6-0a42c53a97b3.md index 39273e2..92740e3 100644 --- a/bootloaders.io/content/bootloaders/ca7157a0-3de8-4642-95b6-0a42c53a97b3.md +++ b/bootloaders.io/content/bootloaders/ca7157a0-3de8-4642-95b6-0a42c53a97b3.md 
@@ -22,7 +22,7 @@ This was provided by Oracle America, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/ca7157a0-3de8-4642-95b6-0a42c53a97b3.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ca7157a0-3de8-4642-95b6-0a42c53a97b3.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/cab29561-a4b4-4cb1-b6c6-115700991af8.md b/bootloaders.io/content/bootloaders/cab29561-a4b4-4cb1-b6c6-115700991af8.md index 94bd78d..7889c80 100644 --- a/bootloaders.io/content/bootloaders/cab29561-a4b4-4cb1-b6c6-115700991af8.md +++ b/bootloaders.io/content/bootloaders/cab29561-a4b4-4cb1-b6c6-115700991af8.md 
@@ -22,7 +22,7 @@ This was provided by whitecanyon and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/16e6180b7edfa353678a459079afa5db.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/16e6180b7edfa353678a459079afa5db.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/cab29561-a4b4-4cb1-b6c6-115700991af8.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cab29561-a4b4-4cb1-b6c6-115700991af8.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/cb08669d-8b82-45b7-8fc7-ea815f96e336.md b/bootloaders.io/content/bootloaders/cb08669d-8b82-45b7-8fc7-ea815f96e336.md index 4e58997..600d5c3 100644 --- a/bootloaders.io/content/bootloaders/cb08669d-8b82-45b7-8fc7-ea815f96e336.md +++ b/bootloaders.io/content/bootloaders/cb08669d-8b82-45b7-8fc7-ea815f96e336.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/cb08669d-8b82-45b7-8fc7-ea815f96e336.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cb08669d-8b82-45b7-8fc7-ea815f96e336.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/cb2d5dcd-595c-40d2-a14f-9b80d0fefc7e.md b/bootloaders.io/content/bootloaders/cb2d5dcd-595c-40d2-a14f-9b80d0fefc7e.md index f5e9f83..15fc45c 100644 --- a/bootloaders.io/content/bootloaders/cb2d5dcd-595c-40d2-a14f-9b80d0fefc7e.md +++ b/bootloaders.io/content/bootloaders/cb2d5dcd-595c-40d2-a14f-9b80d0fefc7e.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/3f5b9c90792efc13debd32233440ad32.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/3f5b9c90792efc13debd32233440ad32.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/cb2d5dcd-595c-40d2-a14f-9b80d0fefc7e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cb2d5dcd-595c-40d2-a14f-9b80d0fefc7e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/cb5a22b9-4471-44a3-9783-c27df207f95a.md b/bootloaders.io/content/bootloaders/cb5a22b9-4471-44a3-9783-c27df207f95a.md index bfb0693..1961875 100644 --- a/bootloaders.io/content/bootloaders/cb5a22b9-4471-44a3-9783-c27df207f95a.md +++ b/bootloaders.io/content/bootloaders/cb5a22b9-4471-44a3-9783-c27df207f95a.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/cb5a22b9-4471-44a3-9783-c27df207f95a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cb5a22b9-4471-44a3-9783-c27df207f95a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/cc19dcf6-f6e2-4820-8df0-73abc96a95d8.md b/bootloaders.io/content/bootloaders/cc19dcf6-f6e2-4820-8df0-73abc96a95d8.md index 9bb97b7..0d685a3 100644 --- a/bootloaders.io/content/bootloaders/cc19dcf6-f6e2-4820-8df0-73abc96a95d8.md +++ b/bootloaders.io/content/bootloaders/cc19dcf6-f6e2-4820-8df0-73abc96a95d8.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/cc19dcf6-f6e2-4820-8df0-73abc96a95d8.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cc19dcf6-f6e2-4820-8df0-73abc96a95d8.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/cc522d44-5de1-43fd-8d62-29b630f45f98.md b/bootloaders.io/content/bootloaders/cc522d44-5de1-43fd-8d62-29b630f45f98.md index 58d77ef..62bcbef 100644 --- a/bootloaders.io/content/bootloaders/cc522d44-5de1-43fd-8d62-29b630f45f98.md +++ b/bootloaders.io/content/bootloaders/cc522d44-5de1-43fd-8d62-29b630f45f98.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/c9d595c35045f8b200f9d3142cb3d683.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c9d595c35045f8b200f9d3142cb3d683.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/cc522d44-5de1-43fd-8d62-29b630f45f98.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cc522d44-5de1-43fd-8d62-29b630f45f98.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/cc55f472-e9c9-493c-bf44-98d528441570.md b/bootloaders.io/content/bootloaders/cc55f472-e9c9-493c-bf44-98d528441570.md index 8afee8a..e65296d 100644 --- a/bootloaders.io/content/bootloaders/cc55f472-e9c9-493c-bf44-98d528441570.md +++ b/bootloaders.io/content/bootloaders/cc55f472-e9c9-493c-bf44-98d528441570.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/9c77b23f662f4c5cf1da2ec62ba6fd2c.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/9c77b23f662f4c5cf1da2ec62ba6fd2c.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/cc55f472-e9c9-493c-bf44-98d528441570.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cc55f472-e9c9-493c-bf44-98d528441570.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/cc89429d-d9b6-412c-8083-4879ab57f589.md b/bootloaders.io/content/bootloaders/cc89429d-d9b6-412c-8083-4879ab57f589.md index f817a25..bc532f3 100644 --- a/bootloaders.io/content/bootloaders/cc89429d-d9b6-412c-8083-4879ab57f589.md +++ b/bootloaders.io/content/bootloaders/cc89429d-d9b6-412c-8083-4879ab57f589.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/cc89429d-d9b6-412c-8083-4879ab57f589.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cc89429d-d9b6-412c-8083-4879ab57f589.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/cc9c7842-484d-4427-9ed5-75073efdad17.md b/bootloaders.io/content/bootloaders/cc9c7842-484d-4427-9ed5-75073efdad17.md index c11ddcc..d522ab5 100644 --- a/bootloaders.io/content/bootloaders/cc9c7842-484d-4427-9ed5-75073efdad17.md +++ b/bootloaders.io/content/bootloaders/cc9c7842-484d-4427-9ed5-75073efdad17.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/cc9c7842-484d-4427-9ed5-75073efdad17.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cc9c7842-484d-4427-9ed5-75073efdad17.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/cce60051-3b8f-4752-9e76-a1098bc803b6.md b/bootloaders.io/content/bootloaders/cce60051-3b8f-4752-9e76-a1098bc803b6.md index d338532..37a5cb7 100644 --- a/bootloaders.io/content/bootloaders/cce60051-3b8f-4752-9e76-a1098bc803b6.md +++ b/bootloaders.io/content/bootloaders/cce60051-3b8f-4752-9e76-a1098bc803b6.md 
@@ -22,7 +22,7 @@ This was provided by Alt Linux LTD and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/f38a930c417139cd5ccfe3ff2277b4c7.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/f38a930c417139cd5ccfe3ff2277b4c7.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/cce60051-3b8f-4752-9e76-a1098bc803b6.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cce60051-3b8f-4752-9e76-a1098bc803b6.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/ccef0d61-ad41-4f54-8ce1-9197ccf0e44d.md b/bootloaders.io/content/bootloaders/ccef0d61-ad41-4f54-8ce1-9197ccf0e44d.md index 694da60..836c1fe 100644 --- a/bootloaders.io/content/bootloaders/ccef0d61-ad41-4f54-8ce1-9197ccf0e44d.md +++ b/bootloaders.io/content/bootloaders/ccef0d61-ad41-4f54-8ce1-9197ccf0e44d.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/ccef0d61-ad41-4f54-8ce1-9197ccf0e44d.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ccef0d61-ad41-4f54-8ce1-9197ccf0e44d.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/cd328e2d-3b59-4c94-a0e0-60b7f793db09.md b/bootloaders.io/content/bootloaders/cd328e2d-3b59-4c94-a0e0-60b7f793db09.md index 468d329..246d066 100644 --- a/bootloaders.io/content/bootloaders/cd328e2d-3b59-4c94-a0e0-60b7f793db09.md +++ b/bootloaders.io/content/bootloaders/cd328e2d-3b59-4c94-a0e0-60b7f793db09.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/cd328e2d-3b59-4c94-a0e0-60b7f793db09.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cd328e2d-3b59-4c94-a0e0-60b7f793db09.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/cd9dcfdd-25a1-42d5-bd95-3778087060b5.md b/bootloaders.io/content/bootloaders/cd9dcfdd-25a1-42d5-bd95-3778087060b5.md index a4a1500..95a336e 100644 --- a/bootloaders.io/content/bootloaders/cd9dcfdd-25a1-42d5-bd95-3778087060b5.md +++ b/bootloaders.io/content/bootloaders/cd9dcfdd-25a1-42d5-bd95-3778087060b5.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/cd9dcfdd-25a1-42d5-bd95-3778087060b5.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cd9dcfdd-25a1-42d5-bd95-3778087060b5.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/ce34babf-0f03-4d6d-969d-e063648d5dfe.md b/bootloaders.io/content/bootloaders/ce34babf-0f03-4d6d-969d-e063648d5dfe.md index f2952a1..7ecea06 100644 --- a/bootloaders.io/content/bootloaders/ce34babf-0f03-4d6d-969d-e063648d5dfe.md +++ b/bootloaders.io/content/bootloaders/ce34babf-0f03-4d6d-969d-e063648d5dfe.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux Products GmbH and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/ce34babf-0f03-4d6d-969d-e063648d5dfe.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ce34babf-0f03-4d6d-969d-e063648d5dfe.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/ce52a206-8cc9-43e4-9f5d-28b646502ac3.md b/bootloaders.io/content/bootloaders/ce52a206-8cc9-43e4-9f5d-28b646502ac3.md index 65d20a1..b76643c 100644 --- a/bootloaders.io/content/bootloaders/ce52a206-8cc9-43e4-9f5d-28b646502ac3.md +++ b/bootloaders.io/content/bootloaders/ce52a206-8cc9-43e4-9f5d-28b646502ac3.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/de3db6ac5d9d0d31d8668a74bc3332df.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/de3db6ac5d9d0d31d8668a74bc3332df.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/ce52a206-8cc9-43e4-9f5d-28b646502ac3.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ce52a206-8cc9-43e4-9f5d-28b646502ac3.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/ce737ee6-e949-44cb-badf-3f1d775d4832.md b/bootloaders.io/content/bootloaders/ce737ee6-e949-44cb-badf-3f1d775d4832.md index 9d87bef..413fff2 100644 --- a/bootloaders.io/content/bootloaders/ce737ee6-e949-44cb-badf-3f1d775d4832.md +++ b/bootloaders.io/content/bootloaders/ce737ee6-e949-44cb-badf-3f1d775d4832.md 
@@ -22,7 +22,7 @@ This was provided by Intel Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/ce737ee6-e949-44cb-badf-3f1d775d4832.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ce737ee6-e949-44cb-badf-3f1d775d4832.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/cede5464-786a-4472-9b83-cbf540f90d1e.md b/bootloaders.io/content/bootloaders/cede5464-786a-4472-9b83-cbf540f90d1e.md index 1a4343e..7e04bac 100644 --- a/bootloaders.io/content/bootloaders/cede5464-786a-4472-9b83-cbf540f90d1e.md +++ b/bootloaders.io/content/bootloaders/cede5464-786a-4472-9b83-cbf540f90d1e.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/cede5464-786a-4472-9b83-cbf540f90d1e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cede5464-786a-4472-9b83-cbf540f90d1e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/cef00ef9-665c-48ed-9b4c-d383d2846e05.md b/bootloaders.io/content/bootloaders/cef00ef9-665c-48ed-9b4c-d383d2846e05.md index ed8c1cc..37d65b0 100644 --- a/bootloaders.io/content/bootloaders/cef00ef9-665c-48ed-9b4c-d383d2846e05.md +++ b/bootloaders.io/content/bootloaders/cef00ef9-665c-48ed-9b4c-d383d2846e05.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/cef00ef9-665c-48ed-9b4c-d383d2846e05.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cef00ef9-665c-48ed-9b4c-d383d2846e05.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/cef9f132-2635-47a6-bed7-6011eb7f04ca.md b/bootloaders.io/content/bootloaders/cef9f132-2635-47a6-bed7-6011eb7f04ca.md index 973478d..a9f7c65 100644 --- a/bootloaders.io/content/bootloaders/cef9f132-2635-47a6-bed7-6011eb7f04ca.md +++ b/bootloaders.io/content/bootloaders/cef9f132-2635-47a6-bed7-6011eb7f04ca.md 
@@ -22,7 +22,7 @@ This was provided by Neverware and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/0008d969a43a2b94edd849cdee6ae3c9.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/0008d969a43a2b94edd849cdee6ae3c9.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/cef9f132-2635-47a6-bed7-6011eb7f04ca.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cef9f132-2635-47a6-bed7-6011eb7f04ca.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/cf486d6a-cb41-4d0b-9258-81a14e76f719.md b/bootloaders.io/content/bootloaders/cf486d6a-cb41-4d0b-9258-81a14e76f719.md index c7a6cb0..e4d35ab 100644 --- a/bootloaders.io/content/bootloaders/cf486d6a-cb41-4d0b-9258-81a14e76f719.md +++ b/bootloaders.io/content/bootloaders/cf486d6a-cb41-4d0b-9258-81a14e76f719.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/cf486d6a-cb41-4d0b-9258-81a14e76f719.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cf486d6a-cb41-4d0b-9258-81a14e76f719.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/cf8adf07-931e-408c-a85f-d5e45b09a41e.md b/bootloaders.io/content/bootloaders/cf8adf07-931e-408c-a85f-d5e45b09a41e.md index b2c2bac..c150ce6 100644 --- a/bootloaders.io/content/bootloaders/cf8adf07-931e-408c-a85f-d5e45b09a41e.md +++ b/bootloaders.io/content/bootloaders/cf8adf07-931e-408c-a85f-d5e45b09a41e.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/cf8adf07-931e-408c-a85f-d5e45b09a41e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cf8adf07-931e-408c-a85f-d5e45b09a41e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/cfec0cca-c6b7-4327-a2d8-7dca0515e161.md b/bootloaders.io/content/bootloaders/cfec0cca-c6b7-4327-a2d8-7dca0515e161.md index ea0ed5c..2f3c8e6 100644 --- a/bootloaders.io/content/bootloaders/cfec0cca-c6b7-4327-a2d8-7dca0515e161.md +++ b/bootloaders.io/content/bootloaders/cfec0cca-c6b7-4327-a2d8-7dca0515e161.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/cfec0cca-c6b7-4327-a2d8-7dca0515e161.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cfec0cca-c6b7-4327-a2d8-7dca0515e161.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/d01601d7-2e46-4b78-801f-d260597e9b74.md b/bootloaders.io/content/bootloaders/d01601d7-2e46-4b78-801f-d260597e9b74.md index 717b374..e047fa8 100644 --- a/bootloaders.io/content/bootloaders/d01601d7-2e46-4b78-801f-d260597e9b74.md +++ b/bootloaders.io/content/bootloaders/d01601d7-2e46-4b78-801f-d260597e9b74.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/5692b49c53b4401e76a43c82d7d496de.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/5692b49c53b4401e76a43c82d7d496de.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/d01601d7-2e46-4b78-801f-d260597e9b74.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d01601d7-2e46-4b78-801f-d260597e9b74.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/d0acb6e2-2647-424d-b438-eff9f1b605fd.md b/bootloaders.io/content/bootloaders/d0acb6e2-2647-424d-b438-eff9f1b605fd.md index 91e64ce..b7c876c 100644 --- a/bootloaders.io/content/bootloaders/d0acb6e2-2647-424d-b438-eff9f1b605fd.md +++ b/bootloaders.io/content/bootloaders/d0acb6e2-2647-424d-b438-eff9f1b605fd.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/d0acb6e2-2647-424d-b438-eff9f1b605fd.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d0acb6e2-2647-424d-b438-eff9f1b605fd.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/d0f8d27f-26e3-4500-bcb8-dab29c667c29.md b/bootloaders.io/content/bootloaders/d0f8d27f-26e3-4500-bcb8-dab29c667c29.md index 96930be..589305e 100644 --- a/bootloaders.io/content/bootloaders/d0f8d27f-26e3-4500-bcb8-dab29c667c29.md +++ b/bootloaders.io/content/bootloaders/d0f8d27f-26e3-4500-bcb8-dab29c667c29.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/d0f8d27f-26e3-4500-bcb8-dab29c667c29.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d0f8d27f-26e3-4500-bcb8-dab29c667c29.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/d159a67f-5512-4922-bc1e-5c675a73d0cb.md b/bootloaders.io/content/bootloaders/d159a67f-5512-4922-bc1e-5c675a73d0cb.md index 2a1460b..308895c 100644 --- a/bootloaders.io/content/bootloaders/d159a67f-5512-4922-bc1e-5c675a73d0cb.md +++ b/bootloaders.io/content/bootloaders/d159a67f-5512-4922-bc1e-5c675a73d0cb.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/d0be4e86a7eaa87c849e3e137c3471dd.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/d0be4e86a7eaa87c849e3e137c3471dd.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/d159a67f-5512-4922-bc1e-5c675a73d0cb.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d159a67f-5512-4922-bc1e-5c675a73d0cb.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/d17ff559-85d0-4cc7-9327-516585723ea0.md b/bootloaders.io/content/bootloaders/d17ff559-85d0-4cc7-9327-516585723ea0.md index 5ac3da7..8318af1 100644 --- a/bootloaders.io/content/bootloaders/d17ff559-85d0-4cc7-9327-516585723ea0.md +++ b/bootloaders.io/content/bootloaders/d17ff559-85d0-4cc7-9327-516585723ea0.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/d17ff559-85d0-4cc7-9327-516585723ea0.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d17ff559-85d0-4cc7-9327-516585723ea0.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/d1d2f3cc-064e-455c-af50-3bd0d46a06f2.md b/bootloaders.io/content/bootloaders/d1d2f3cc-064e-455c-af50-3bd0d46a06f2.md index 2fbde17..b71dc72 100644 --- a/bootloaders.io/content/bootloaders/d1d2f3cc-064e-455c-af50-3bd0d46a06f2.md +++ b/bootloaders.io/content/bootloaders/d1d2f3cc-064e-455c-af50-3bd0d46a06f2.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/d6604f3caaa504ff3aedbade7d87fb97.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/d6604f3caaa504ff3aedbade7d87fb97.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/d1d2f3cc-064e-455c-af50-3bd0d46a06f2.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d1d2f3cc-064e-455c-af50-3bd0d46a06f2.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/d1e51f20-1939-4b7c-8875-2458c9e418d9.md b/bootloaders.io/content/bootloaders/d1e51f20-1939-4b7c-8875-2458c9e418d9.md index 1b7c64a..62dea31 100644 --- a/bootloaders.io/content/bootloaders/d1e51f20-1939-4b7c-8875-2458c9e418d9.md +++ b/bootloaders.io/content/bootloaders/d1e51f20-1939-4b7c-8875-2458c9e418d9.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/d1e51f20-1939-4b7c-8875-2458c9e418d9.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d1e51f20-1939-4b7c-8875-2458c9e418d9.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/d20a9d4f-d336-4400-b839-d2334be05e06.md b/bootloaders.io/content/bootloaders/d20a9d4f-d336-4400-b839-d2334be05e06.md index a66cdf5..97cf340 100644 --- a/bootloaders.io/content/bootloaders/d20a9d4f-d336-4400-b839-d2334be05e06.md +++ b/bootloaders.io/content/bootloaders/d20a9d4f-d336-4400-b839-d2334be05e06.md 
@@ -22,7 +22,7 @@ This was provided by Debian and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/8273287f52ffff4624121d2926ef9df4.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/8273287f52ffff4624121d2926ef9df4.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/d20a9d4f-d336-4400-b839-d2334be05e06.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d20a9d4f-d336-4400-b839-d2334be05e06.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/d22cf9cb-63e3-4445-8af3-abd3537282d0.md b/bootloaders.io/content/bootloaders/d22cf9cb-63e3-4445-8af3-abd3537282d0.md index a92d247..958f27c 100644 --- a/bootloaders.io/content/bootloaders/d22cf9cb-63e3-4445-8af3-abd3537282d0.md +++ b/bootloaders.io/content/bootloaders/d22cf9cb-63e3-4445-8af3-abd3537282d0.md 
@@ -22,7 +22,7 @@ This was provided by Trend Micro and revoked Mar-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/d22cf9cb-63e3-4445-8af3-abd3537282d0.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d22cf9cb-63e3-4445-8af3-abd3537282d0.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/d2c1c960-2c20-4647-ba66-d3c5d3385cff.md b/bootloaders.io/content/bootloaders/d2c1c960-2c20-4647-ba66-d3c5d3385cff.md index 18fb6a2..399e0ab 100644 --- a/bootloaders.io/content/bootloaders/d2c1c960-2c20-4647-ba66-d3c5d3385cff.md +++ b/bootloaders.io/content/bootloaders/d2c1c960-2c20-4647-ba66-d3c5d3385cff.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/1854d98bc963a9a82e0d9abef6bc3873.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/1854d98bc963a9a82e0d9abef6bc3873.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/d2c1c960-2c20-4647-ba66-d3c5d3385cff.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d2c1c960-2c20-4647-ba66-d3c5d3385cff.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/d40485d2-4fea-4d92-99e9-e1531fe4d33a.md b/bootloaders.io/content/bootloaders/d40485d2-4fea-4d92-99e9-e1531fe4d33a.md index 924a199..f5809f6 100644 --- a/bootloaders.io/content/bootloaders/d40485d2-4fea-4d92-99e9-e1531fe4d33a.md +++ b/bootloaders.io/content/bootloaders/d40485d2-4fea-4d92-99e9-e1531fe4d33a.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/d40485d2-4fea-4d92-99e9-e1531fe4d33a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d40485d2-4fea-4d92-99e9-e1531fe4d33a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/d457a885-6677-4118-9cf3-05bfc65e1fde.md b/bootloaders.io/content/bootloaders/d457a885-6677-4118-9cf3-05bfc65e1fde.md index 66a50ab..901d934 100644 --- a/bootloaders.io/content/bootloaders/d457a885-6677-4118-9cf3-05bfc65e1fde.md +++ b/bootloaders.io/content/bootloaders/d457a885-6677-4118-9cf3-05bfc65e1fde.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/d457a885-6677-4118-9cf3-05bfc65e1fde.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d457a885-6677-4118-9cf3-05bfc65e1fde.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/d50e4193-70d2-4807-9bc9-671894e82df9.md b/bootloaders.io/content/bootloaders/d50e4193-70d2-4807-9bc9-671894e82df9.md index cc25b0b..c5ec8cd 100644 --- a/bootloaders.io/content/bootloaders/d50e4193-70d2-4807-9bc9-671894e82df9.md +++ b/bootloaders.io/content/bootloaders/d50e4193-70d2-4807-9bc9-671894e82df9.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/7de3ac2823e2f7c241f2b181a8417647.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/7de3ac2823e2f7c241f2b181a8417647.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/d50e4193-70d2-4807-9bc9-671894e82df9.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d50e4193-70d2-4807-9bc9-671894e82df9.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/d569f749-c5fe-42ff-b6f9-8966a14d06af.md b/bootloaders.io/content/bootloaders/d569f749-c5fe-42ff-b6f9-8966a14d06af.md index f6f0fff..d56bc06 100644 --- a/bootloaders.io/content/bootloaders/d569f749-c5fe-42ff-b6f9-8966a14d06af.md +++ b/bootloaders.io/content/bootloaders/d569f749-c5fe-42ff-b6f9-8966a14d06af.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/9caa5988ee5678dad93374ef1f4fd184.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/9caa5988ee5678dad93374ef1f4fd184.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/d569f749-c5fe-42ff-b6f9-8966a14d06af.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d569f749-c5fe-42ff-b6f9-8966a14d06af.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/d69993da-b588-4dcf-aea1-5d11d9ca4dd7.md b/bootloaders.io/content/bootloaders/d69993da-b588-4dcf-aea1-5d11d9ca4dd7.md index ea54179..87a1bca 100644 --- a/bootloaders.io/content/bootloaders/d69993da-b588-4dcf-aea1-5d11d9ca4dd7.md +++ b/bootloaders.io/content/bootloaders/d69993da-b588-4dcf-aea1-5d11d9ca4dd7.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/d69993da-b588-4dcf-aea1-5d11d9ca4dd7.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d69993da-b588-4dcf-aea1-5d11d9ca4dd7.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/d7cc6936-4efd-40a1-bef3-ea4da008ae4c.md b/bootloaders.io/content/bootloaders/d7cc6936-4efd-40a1-bef3-ea4da008ae4c.md index 31aec91..fbbcf0c 100644 --- a/bootloaders.io/content/bootloaders/d7cc6936-4efd-40a1-bef3-ea4da008ae4c.md +++ b/bootloaders.io/content/bootloaders/d7cc6936-4efd-40a1-bef3-ea4da008ae4c.md 
@@ -22,7 +22,7 @@ This was provided by Cumulus Network and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/d7cc6936-4efd-40a1-bef3-ea4da008ae4c.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d7cc6936-4efd-40a1-bef3-ea4da008ae4c.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/d880c342-2996-430a-b850-fb372cecbef7.md b/bootloaders.io/content/bootloaders/d880c342-2996-430a-b850-fb372cecbef7.md index 391961e..d99a9ef 100644 --- a/bootloaders.io/content/bootloaders/d880c342-2996-430a-b850-fb372cecbef7.md +++ b/bootloaders.io/content/bootloaders/d880c342-2996-430a-b850-fb372cecbef7.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/d880c342-2996-430a-b850-fb372cecbef7.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d880c342-2996-430a-b850-fb372cecbef7.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/d8aa2211-8d13-4e4e-88af-60ff17efd3cc.md b/bootloaders.io/content/bootloaders/d8aa2211-8d13-4e4e-88af-60ff17efd3cc.md index d8a4e28..f77e748 100644 --- a/bootloaders.io/content/bootloaders/d8aa2211-8d13-4e4e-88af-60ff17efd3cc.md +++ b/bootloaders.io/content/bootloaders/d8aa2211-8d13-4e4e-88af-60ff17efd3cc.md 
@@ -22,7 +22,7 @@ This was provided by Intel Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/d8aa2211-8d13-4e4e-88af-60ff17efd3cc.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d8aa2211-8d13-4e4e-88af-60ff17efd3cc.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/d90f0a0a-e161-4ebb-a2e3-5dbaa75cfaaf.md b/bootloaders.io/content/bootloaders/d90f0a0a-e161-4ebb-a2e3-5dbaa75cfaaf.md index ef8e120..b721c48 100644 --- a/bootloaders.io/content/bootloaders/d90f0a0a-e161-4ebb-a2e3-5dbaa75cfaaf.md +++ b/bootloaders.io/content/bootloaders/d90f0a0a-e161-4ebb-a2e3-5dbaa75cfaaf.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/d90f0a0a-e161-4ebb-a2e3-5dbaa75cfaaf.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d90f0a0a-e161-4ebb-a2e3-5dbaa75cfaaf.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/d964e229-7407-4292-88b5-505f8be99d2f.md b/bootloaders.io/content/bootloaders/d964e229-7407-4292-88b5-505f8be99d2f.md index 10d3511..dfbc2ca 100644 --- a/bootloaders.io/content/bootloaders/d964e229-7407-4292-88b5-505f8be99d2f.md +++ b/bootloaders.io/content/bootloaders/d964e229-7407-4292-88b5-505f8be99d2f.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/d964e229-7407-4292-88b5-505f8be99d2f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d964e229-7407-4292-88b5-505f8be99d2f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/d9cb5f15-653d-4fdc-aee2-279681f7f91f.md b/bootloaders.io/content/bootloaders/d9cb5f15-653d-4fdc-aee2-279681f7f91f.md index a20acf7..e0ac2ec 100644 --- a/bootloaders.io/content/bootloaders/d9cb5f15-653d-4fdc-aee2-279681f7f91f.md +++ b/bootloaders.io/content/bootloaders/d9cb5f15-653d-4fdc-aee2-279681f7f91f.md 
@@ -22,7 +22,7 @@ This was provided by Fedora Project and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/d9cb5f15-653d-4fdc-aee2-279681f7f91f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d9cb5f15-653d-4fdc-aee2-279681f7f91f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/da54ae14-5e4d-4280-b91e-4b78d0df036a.md b/bootloaders.io/content/bootloaders/da54ae14-5e4d-4280-b91e-4b78d0df036a.md index 18374af..fb02e81 100644 --- a/bootloaders.io/content/bootloaders/da54ae14-5e4d-4280-b91e-4b78d0df036a.md +++ b/bootloaders.io/content/bootloaders/da54ae14-5e4d-4280-b91e-4b78d0df036a.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/da54ae14-5e4d-4280-b91e-4b78d0df036a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/da54ae14-5e4d-4280-b91e-4b78d0df036a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/dabe9a66-0446-43a1-b9bc-fe279702a5ab.md b/bootloaders.io/content/bootloaders/dabe9a66-0446-43a1-b9bc-fe279702a5ab.md index b33ab32..6c9c54b 100644 --- a/bootloaders.io/content/bootloaders/dabe9a66-0446-43a1-b9bc-fe279702a5ab.md +++ b/bootloaders.io/content/bootloaders/dabe9a66-0446-43a1-b9bc-fe279702a5ab.md 
@@ -22,7 +22,7 @@ This was provided by TeraByte Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/24a7545dc37bc7d366b05c68752af476.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/24a7545dc37bc7d366b05c68752af476.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/dabe9a66-0446-43a1-b9bc-fe279702a5ab.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/dabe9a66-0446-43a1-b9bc-fe279702a5ab.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/db57d7a1-5937-4ba9-896e-8fdce1ff2990.md b/bootloaders.io/content/bootloaders/db57d7a1-5937-4ba9-896e-8fdce1ff2990.md index a714c3d..1efe001 100644 --- a/bootloaders.io/content/bootloaders/db57d7a1-5937-4ba9-896e-8fdce1ff2990.md +++ b/bootloaders.io/content/bootloaders/db57d7a1-5937-4ba9-896e-8fdce1ff2990.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/db57d7a1-5937-4ba9-896e-8fdce1ff2990.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/db57d7a1-5937-4ba9-896e-8fdce1ff2990.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/db9487ab-4dc1-4c3d-a04a-70696d63bcc4.md b/bootloaders.io/content/bootloaders/db9487ab-4dc1-4c3d-a04a-70696d63bcc4.md index b619e83..94cc77c 100644 --- a/bootloaders.io/content/bootloaders/db9487ab-4dc1-4c3d-a04a-70696d63bcc4.md +++ b/bootloaders.io/content/bootloaders/db9487ab-4dc1-4c3d-a04a-70696d63bcc4.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/db9487ab-4dc1-4c3d-a04a-70696d63bcc4.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/db9487ab-4dc1-4c3d-a04a-70696d63bcc4.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/dba882ff-03d1-4cf3-9e9d-9358d6416d79.md b/bootloaders.io/content/bootloaders/dba882ff-03d1-4cf3-9e9d-9358d6416d79.md index 36440b4..0a0bcaa 100644 --- a/bootloaders.io/content/bootloaders/dba882ff-03d1-4cf3-9e9d-9358d6416d79.md +++ b/bootloaders.io/content/bootloaders/dba882ff-03d1-4cf3-9e9d-9358d6416d79.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/dba882ff-03d1-4cf3-9e9d-9358d6416d79.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/dba882ff-03d1-4cf3-9e9d-9358d6416d79.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/dbbed756-4f18-430e-9a68-6f0054091fa3.md b/bootloaders.io/content/bootloaders/dbbed756-4f18-430e-9a68-6f0054091fa3.md index 723e7f3..55a46f3 100644 --- a/bootloaders.io/content/bootloaders/dbbed756-4f18-430e-9a68-6f0054091fa3.md +++ b/bootloaders.io/content/bootloaders/dbbed756-4f18-430e-9a68-6f0054091fa3.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/dbbed756-4f18-430e-9a68-6f0054091fa3.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/dbbed756-4f18-430e-9a68-6f0054091fa3.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/dbc9e79d-2655-4892-81fe-830383602432.md b/bootloaders.io/content/bootloaders/dbc9e79d-2655-4892-81fe-830383602432.md index aaed0bd..95c29fd 100644 --- a/bootloaders.io/content/bootloaders/dbc9e79d-2655-4892-81fe-830383602432.md +++ b/bootloaders.io/content/bootloaders/dbc9e79d-2655-4892-81fe-830383602432.md 
@@ -22,7 +22,7 @@ This was provided by Fedora Project and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/dbc9e79d-2655-4892-81fe-830383602432.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/dbc9e79d-2655-4892-81fe-830383602432.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/dc00f1c1-898a-479d-b9a5-9caa9973e310.md b/bootloaders.io/content/bootloaders/dc00f1c1-898a-479d-b9a5-9caa9973e310.md index 9f2c0d5..ebb4681 100644 --- a/bootloaders.io/content/bootloaders/dc00f1c1-898a-479d-b9a5-9caa9973e310.md +++ b/bootloaders.io/content/bootloaders/dc00f1c1-898a-479d-b9a5-9caa9973e310.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/dc00f1c1-898a-479d-b9a5-9caa9973e310.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/dc00f1c1-898a-479d-b9a5-9caa9973e310.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/dc63ce55-4d4d-40f7-996d-6fc85f01443f.md b/bootloaders.io/content/bootloaders/dc63ce55-4d4d-40f7-996d-6fc85f01443f.md index 02d6808..2a2006b 100644 --- a/bootloaders.io/content/bootloaders/dc63ce55-4d4d-40f7-996d-6fc85f01443f.md +++ b/bootloaders.io/content/bootloaders/dc63ce55-4d4d-40f7-996d-6fc85f01443f.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/dc63ce55-4d4d-40f7-996d-6fc85f01443f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/dc63ce55-4d4d-40f7-996d-6fc85f01443f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/dd1e593d-19e6-4e29-8d3f-5b85a21bf35b.md b/bootloaders.io/content/bootloaders/dd1e593d-19e6-4e29-8d3f-5b85a21bf35b.md index 0428941..2f4af39 100644 --- a/bootloaders.io/content/bootloaders/dd1e593d-19e6-4e29-8d3f-5b85a21bf35b.md +++ b/bootloaders.io/content/bootloaders/dd1e593d-19e6-4e29-8d3f-5b85a21bf35b.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/dd1e593d-19e6-4e29-8d3f-5b85a21bf35b.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/dd1e593d-19e6-4e29-8d3f-5b85a21bf35b.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/dd78a9a0-255d-4856-b9be-76b08852303a.md b/bootloaders.io/content/bootloaders/dd78a9a0-255d-4856-b9be-76b08852303a.md index 2d4f5a9..858845f 100644 --- a/bootloaders.io/content/bootloaders/dd78a9a0-255d-4856-b9be-76b08852303a.md +++ b/bootloaders.io/content/bootloaders/dd78a9a0-255d-4856-b9be-76b08852303a.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/d984cf8612284adc59b3b73deccb777f.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/d984cf8612284adc59b3b73deccb777f.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/dd78a9a0-255d-4856-b9be-76b08852303a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/dd78a9a0-255d-4856-b9be-76b08852303a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/ddacf4b0-e6e4-4546-b3bc-f196645266b1.md b/bootloaders.io/content/bootloaders/ddacf4b0-e6e4-4546-b3bc-f196645266b1.md index 0b44942..56ccb3d 100644 --- a/bootloaders.io/content/bootloaders/ddacf4b0-e6e4-4546-b3bc-f196645266b1.md +++ b/bootloaders.io/content/bootloaders/ddacf4b0-e6e4-4546-b3bc-f196645266b1.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/ddacf4b0-e6e4-4546-b3bc-f196645266b1.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ddacf4b0-e6e4-4546-b3bc-f196645266b1.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/ddecc35f-2233-4894-86d8-69e6e473943e.md b/bootloaders.io/content/bootloaders/ddecc35f-2233-4894-86d8-69e6e473943e.md index 0f19eea..eff8d58 100644 --- a/bootloaders.io/content/bootloaders/ddecc35f-2233-4894-86d8-69e6e473943e.md +++ b/bootloaders.io/content/bootloaders/ddecc35f-2233-4894-86d8-69e6e473943e.md 
@@ -22,7 +22,7 @@ This was provided by Trend Micro and revoked Mar-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/ece26d0686590a1ae0f950a412ed1a10.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/ece26d0686590a1ae0f950a412ed1a10.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -141,10 +141,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -209,7 +211,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/ddecc35f-2233-4894-86d8-69e6e473943e.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ddecc35f-2233-4894-86d8-69e6e473943e.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/de853203-30c9-4dc4-a050-6812dc4e0113.md b/bootloaders.io/content/bootloaders/de853203-30c9-4dc4-a050-6812dc4e0113.md index a36e36b..bc7cbbe 100644 --- a/bootloaders.io/content/bootloaders/de853203-30c9-4dc4-a050-6812dc4e0113.md +++ b/bootloaders.io/content/bootloaders/de853203-30c9-4dc4-a050-6812dc4e0113.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/de853203-30c9-4dc4-a050-6812dc4e0113.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/de853203-30c9-4dc4-a050-6812dc4e0113.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/dfa9cb92-1691-442f-96df-9692e4ab29c4.md b/bootloaders.io/content/bootloaders/dfa9cb92-1691-442f-96df-9692e4ab29c4.md index 9192e52..afaabc9 100644 --- a/bootloaders.io/content/bootloaders/dfa9cb92-1691-442f-96df-9692e4ab29c4.md +++ b/bootloaders.io/content/bootloaders/dfa9cb92-1691-442f-96df-9692e4ab29c4.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/3aaa631aa80579a7ec4606f002de3436.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/3aaa631aa80579a7ec4606f002de3436.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/dfa9cb92-1691-442f-96df-9692e4ab29c4.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/dfa9cb92-1691-442f-96df-9692e4ab29c4.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/e0432a67-4ec8-4281-b4c1-a800e1b615be.md b/bootloaders.io/content/bootloaders/e0432a67-4ec8-4281-b4c1-a800e1b615be.md index e4c6530..1593894 100644 --- a/bootloaders.io/content/bootloaders/e0432a67-4ec8-4281-b4c1-a800e1b615be.md +++ b/bootloaders.io/content/bootloaders/e0432a67-4ec8-4281-b4c1-a800e1b615be.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/e0432a67-4ec8-4281-b4c1-a800e1b615be.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e0432a67-4ec8-4281-b4c1-a800e1b615be.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/e06e3faf-46e8-4902-9bd7-69b462d292d2.md b/bootloaders.io/content/bootloaders/e06e3faf-46e8-4902-9bd7-69b462d292d2.md index 139fa1d..8cecca0 100644 --- a/bootloaders.io/content/bootloaders/e06e3faf-46e8-4902-9bd7-69b462d292d2.md +++ b/bootloaders.io/content/bootloaders/e06e3faf-46e8-4902-9bd7-69b462d292d2.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/e06e3faf-46e8-4902-9bd7-69b462d292d2.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e06e3faf-46e8-4902-9bd7-69b462d292d2.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/e081d394-fa4c-46c9-8a1c-c8790790aa3c.md b/bootloaders.io/content/bootloaders/e081d394-fa4c-46c9-8a1c-c8790790aa3c.md index 39be3c8..cfc7a44 100644 --- a/bootloaders.io/content/bootloaders/e081d394-fa4c-46c9-8a1c-c8790790aa3c.md +++ b/bootloaders.io/content/bootloaders/e081d394-fa4c-46c9-8a1c-c8790790aa3c.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/e081d394-fa4c-46c9-8a1c-c8790790aa3c.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e081d394-fa4c-46c9-8a1c-c8790790aa3c.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a.md b/bootloaders.io/content/bootloaders/e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a.md index e89f7a5..bc6f5c6 100644 --- a/bootloaders.io/content/bootloaders/e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a.md +++ b/bootloaders.io/content/bootloaders/e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a.md 
@@ -22,7 +22,7 @@ This was provided by Oracle Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/e121cfa2-ee0c-4c6d-9b1a-1f48ce500b81.md b/bootloaders.io/content/bootloaders/e121cfa2-ee0c-4c6d-9b1a-1f48ce500b81.md index 46f6f42..7e0fab1 100644 --- a/bootloaders.io/content/bootloaders/e121cfa2-ee0c-4c6d-9b1a-1f48ce500b81.md +++ b/bootloaders.io/content/bootloaders/e121cfa2-ee0c-4c6d-9b1a-1f48ce500b81.md 
@@ -22,7 +22,7 @@ This was provided by VMware Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/07349cf7c406343bb9a9a9d9eec50790.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/07349cf7c406343bb9a9a9d9eec50790.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/e121cfa2-ee0c-4c6d-9b1a-1f48ce500b81.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e121cfa2-ee0c-4c6d-9b1a-1f48ce500b81.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/e12666fa-d6b3-449e-b3c3-18cf7a3d5b69.md b/bootloaders.io/content/bootloaders/e12666fa-d6b3-449e-b3c3-18cf7a3d5b69.md index a17f3bb..fe25c5c 100644 --- a/bootloaders.io/content/bootloaders/e12666fa-d6b3-449e-b3c3-18cf7a3d5b69.md +++ b/bootloaders.io/content/bootloaders/e12666fa-d6b3-449e-b3c3-18cf7a3d5b69.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/e12666fa-d6b3-449e-b3c3-18cf7a3d5b69.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e12666fa-d6b3-449e-b3c3-18cf7a3d5b69.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/e1e05cba-138a-4879-84c6-0ab872d03ea5.md b/bootloaders.io/content/bootloaders/e1e05cba-138a-4879-84c6-0ab872d03ea5.md index 8def4ee..4fd9e82 100644 --- a/bootloaders.io/content/bootloaders/e1e05cba-138a-4879-84c6-0ab872d03ea5.md +++ b/bootloaders.io/content/bootloaders/e1e05cba-138a-4879-84c6-0ab872d03ea5.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/aad10724a4a2b676a69459a61124efec.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/aad10724a4a2b676a69459a61124efec.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/e1e05cba-138a-4879-84c6-0ab872d03ea5.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e1e05cba-138a-4879-84c6-0ab872d03ea5.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/e2313b7a-714a-4e2c-a692-4259f9bc3b0c.md b/bootloaders.io/content/bootloaders/e2313b7a-714a-4e2c-a692-4259f9bc3b0c.md index 08371fe..ed7cc3b 100644 --- a/bootloaders.io/content/bootloaders/e2313b7a-714a-4e2c-a692-4259f9bc3b0c.md +++ b/bootloaders.io/content/bootloaders/e2313b7a-714a-4e2c-a692-4259f9bc3b0c.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/e2313b7a-714a-4e2c-a692-4259f9bc3b0c.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e2313b7a-714a-4e2c-a692-4259f9bc3b0c.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/e314abb1-31d1-460f-9df0-f437263d9e71.md b/bootloaders.io/content/bootloaders/e314abb1-31d1-460f-9df0-f437263d9e71.md index 3376f5e..9cf516a 100644 --- a/bootloaders.io/content/bootloaders/e314abb1-31d1-460f-9df0-f437263d9e71.md +++ b/bootloaders.io/content/bootloaders/e314abb1-31d1-460f-9df0-f437263d9e71.md 
@@ -22,7 +22,7 @@ This was provided by TeraByte Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/c2d60556e72219f9d4dd063a6843aa37.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c2d60556e72219f9d4dd063a6843aa37.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/e314abb1-31d1-460f-9df0-f437263d9e71.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e314abb1-31d1-460f-9df0-f437263d9e71.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/e32b7c1e-14b0-4f29-9c62-d1664d26777d.md b/bootloaders.io/content/bootloaders/e32b7c1e-14b0-4f29-9c62-d1664d26777d.md index cf01209..1e048e4 100644 --- a/bootloaders.io/content/bootloaders/e32b7c1e-14b0-4f29-9c62-d1664d26777d.md +++ b/bootloaders.io/content/bootloaders/e32b7c1e-14b0-4f29-9c62-d1664d26777d.md 
@@ -22,7 +22,7 @@ This was provided by Fedora Project and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/e32b7c1e-14b0-4f29-9c62-d1664d26777d.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e32b7c1e-14b0-4f29-9c62-d1664d26777d.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/e4cbfa0b-8b40-4ac9-b390-a566dbddd873.md b/bootloaders.io/content/bootloaders/e4cbfa0b-8b40-4ac9-b390-a566dbddd873.md index f28e807..80d8aae 100644 --- a/bootloaders.io/content/bootloaders/e4cbfa0b-8b40-4ac9-b390-a566dbddd873.md +++ b/bootloaders.io/content/bootloaders/e4cbfa0b-8b40-4ac9-b390-a566dbddd873.md 
@@ -22,7 +22,7 @@ This was provided by Univention GmbH and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/e4cbfa0b-8b40-4ac9-b390-a566dbddd873.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e4cbfa0b-8b40-4ac9-b390-a566dbddd873.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/e638d650-dd39-49a9-a737-b02670064e45.md b/bootloaders.io/content/bootloaders/e638d650-dd39-49a9-a737-b02670064e45.md index 049e3df..8950d39 100644 --- a/bootloaders.io/content/bootloaders/e638d650-dd39-49a9-a737-b02670064e45.md +++ b/bootloaders.io/content/bootloaders/e638d650-dd39-49a9-a737-b02670064e45.md 
@@ -22,7 +22,7 @@ This was provided by Canonical Ltd and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/9bdc83ad343e8745e1f3d55c36cf2df6.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/9bdc83ad343e8745e1f3d55c36cf2df6.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -116,10 +116,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -139,7 +141,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/e638d650-dd39-49a9-a737-b02670064e45.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e638d650-dd39-49a9-a737-b02670064e45.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/e774e770-0d9e-40c1-b9e1-ac09484a837f.md b/bootloaders.io/content/bootloaders/e774e770-0d9e-40c1-b9e1-ac09484a837f.md index 4239ccd..7943fca 100644 --- a/bootloaders.io/content/bootloaders/e774e770-0d9e-40c1-b9e1-ac09484a837f.md +++ b/bootloaders.io/content/bootloaders/e774e770-0d9e-40c1-b9e1-ac09484a837f.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/e774e770-0d9e-40c1-b9e1-ac09484a837f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e774e770-0d9e-40c1-b9e1-ac09484a837f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/e7f84927-3fb4-41c9-b2fc-e87985cfbcc3.md b/bootloaders.io/content/bootloaders/e7f84927-3fb4-41c9-b2fc-e87985cfbcc3.md index 79f181c..5973d7b 100644 --- a/bootloaders.io/content/bootloaders/e7f84927-3fb4-41c9-b2fc-e87985cfbcc3.md +++ b/bootloaders.io/content/bootloaders/e7f84927-3fb4-41c9-b2fc-e87985cfbcc3.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/e7f84927-3fb4-41c9-b2fc-e87985cfbcc3.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e7f84927-3fb4-41c9-b2fc-e87985cfbcc3.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/e84c007a-a263-4bea-ad23-e46447001e91.md b/bootloaders.io/content/bootloaders/e84c007a-a263-4bea-ad23-e46447001e91.md index a3d80b8..a6590a4 100644 --- a/bootloaders.io/content/bootloaders/e84c007a-a263-4bea-ad23-e46447001e91.md +++ b/bootloaders.io/content/bootloaders/e84c007a-a263-4bea-ad23-e46447001e91.md 
@@ -22,7 +22,7 @@ This was provided by Oracle Corporation and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/e84c007a-a263-4bea-ad23-e46447001e91.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e84c007a-a263-4bea-ad23-e46447001e91.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/e91a68c8-807d-4b65-a86b-c51335730c55.md b/bootloaders.io/content/bootloaders/e91a68c8-807d-4b65-a86b-c51335730c55.md index 1626708..19d82b4 100644 --- a/bootloaders.io/content/bootloaders/e91a68c8-807d-4b65-a86b-c51335730c55.md +++ b/bootloaders.io/content/bootloaders/e91a68c8-807d-4b65-a86b-c51335730c55.md 
@@ -22,7 +22,7 @@ This was provided by Fedora Project and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/abd377408acc02ee7f2f16320ee9b49a.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/abd377408acc02ee7f2f16320ee9b49a.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/e91a68c8-807d-4b65-a86b-c51335730c55.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e91a68c8-807d-4b65-a86b-c51335730c55.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/e9402a67-21ec-4fdb-b0a3-7f1700f1ede7.md b/bootloaders.io/content/bootloaders/e9402a67-21ec-4fdb-b0a3-7f1700f1ede7.md index d8b0253..9bab6b9 100644 --- a/bootloaders.io/content/bootloaders/e9402a67-21ec-4fdb-b0a3-7f1700f1ede7.md +++ b/bootloaders.io/content/bootloaders/e9402a67-21ec-4fdb-b0a3-7f1700f1ede7.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/670eb63cbc05c4a4fa62f3c63d5b5f0a.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/670eb63cbc05c4a4fa62f3c63d5b5f0a.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/e9402a67-21ec-4fdb-b0a3-7f1700f1ede7.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e9402a67-21ec-4fdb-b0a3-7f1700f1ede7.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/e950e347-4bfd-44d7-b2c6-7dbbce0f2667.md b/bootloaders.io/content/bootloaders/e950e347-4bfd-44d7-b2c6-7dbbce0f2667.md index 82b47fb..7599fbd 100644 --- a/bootloaders.io/content/bootloaders/e950e347-4bfd-44d7-b2c6-7dbbce0f2667.md +++ b/bootloaders.io/content/bootloaders/e950e347-4bfd-44d7-b2c6-7dbbce0f2667.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/e950e347-4bfd-44d7-b2c6-7dbbce0f2667.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e950e347-4bfd-44d7-b2c6-7dbbce0f2667.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/e9785a5c-1caf-4577-85fa-9a2eadc9bfe9.md b/bootloaders.io/content/bootloaders/e9785a5c-1caf-4577-85fa-9a2eadc9bfe9.md index 942c9e0..74c4fd2 100644 --- a/bootloaders.io/content/bootloaders/e9785a5c-1caf-4577-85fa-9a2eadc9bfe9.md +++ b/bootloaders.io/content/bootloaders/e9785a5c-1caf-4577-85fa-9a2eadc9bfe9.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/e9785a5c-1caf-4577-85fa-9a2eadc9bfe9.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e9785a5c-1caf-4577-85fa-9a2eadc9bfe9.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/ea9f89dc-3143-424c-b3b3-437969245705.md b/bootloaders.io/content/bootloaders/ea9f89dc-3143-424c-b3b3-437969245705.md index b185371..8e5f18e 100644 --- a/bootloaders.io/content/bootloaders/ea9f89dc-3143-424c-b3b3-437969245705.md +++ b/bootloaders.io/content/bootloaders/ea9f89dc-3143-424c-b3b3-437969245705.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/1aa56b885cc8dcb37e0165fb6774acf3.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/1aa56b885cc8dcb37e0165fb6774acf3.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/ea9f89dc-3143-424c-b3b3-437969245705.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ea9f89dc-3143-424c-b3b3-437969245705.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/eba694e7-6b97-4fd7-8e20-e26392cad8e7.md b/bootloaders.io/content/bootloaders/eba694e7-6b97-4fd7-8e20-e26392cad8e7.md index 5329051..01588b0 100644 --- a/bootloaders.io/content/bootloaders/eba694e7-6b97-4fd7-8e20-e26392cad8e7.md +++ b/bootloaders.io/content/bootloaders/eba694e7-6b97-4fd7-8e20-e26392cad8e7.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/eba694e7-6b97-4fd7-8e20-e26392cad8e7.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/eba694e7-6b97-4fd7-8e20-e26392cad8e7.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/ec0d55b6-d46c-4f5e-b467-1a8fe09e64d2.md b/bootloaders.io/content/bootloaders/ec0d55b6-d46c-4f5e-b467-1a8fe09e64d2.md index b8cd428..bbd9716 100644 --- a/bootloaders.io/content/bootloaders/ec0d55b6-d46c-4f5e-b467-1a8fe09e64d2.md +++ b/bootloaders.io/content/bootloaders/ec0d55b6-d46c-4f5e-b467-1a8fe09e64d2.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/ec0d55b6-d46c-4f5e-b467-1a8fe09e64d2.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ec0d55b6-d46c-4f5e-b467-1a8fe09e64d2.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/eefbdef0-8570-4a68-9824-042e17b71f98.md b/bootloaders.io/content/bootloaders/eefbdef0-8570-4a68-9824-042e17b71f98.md index 41f7a94..b004625 100644 --- a/bootloaders.io/content/bootloaders/eefbdef0-8570-4a68-9824-042e17b71f98.md +++ b/bootloaders.io/content/bootloaders/eefbdef0-8570-4a68-9824-042e17b71f98.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/eefbdef0-8570-4a68-9824-042e17b71f98.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/eefbdef0-8570-4a68-9824-042e17b71f98.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/ef578b44-9fd5-4d83-9609-4c955babbd69.md b/bootloaders.io/content/bootloaders/ef578b44-9fd5-4d83-9609-4c955babbd69.md index cd5b375..2e940b8 100644 --- a/bootloaders.io/content/bootloaders/ef578b44-9fd5-4d83-9609-4c955babbd69.md +++ b/bootloaders.io/content/bootloaders/ef578b44-9fd5-4d83-9609-4c955babbd69.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/ef578b44-9fd5-4d83-9609-4c955babbd69.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ef578b44-9fd5-4d83-9609-4c955babbd69.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/eff3ed05-f849-4ea0-9f4f-1af40e48c368.md b/bootloaders.io/content/bootloaders/eff3ed05-f849-4ea0-9f4f-1af40e48c368.md index 62a5b4d..45444e4 100644 --- a/bootloaders.io/content/bootloaders/eff3ed05-f849-4ea0-9f4f-1af40e48c368.md +++ b/bootloaders.io/content/bootloaders/eff3ed05-f849-4ea0-9f4f-1af40e48c368.md 
@@ -22,7 +22,7 @@ This was provided by Canonical Ltd and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/1feeb7cf14b7809b43c9044ff910afd2.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/1feeb7cf14b7809b43c9044ff910afd2.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -116,10 +116,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -139,7 +141,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/eff3ed05-f849-4ea0-9f4f-1af40e48c368.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/eff3ed05-f849-4ea0-9f4f-1af40e48c368.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/f15d8f48-cf83-4954-a1d2-030f6dfd40a3.md b/bootloaders.io/content/bootloaders/f15d8f48-cf83-4954-a1d2-030f6dfd40a3.md index a324a55..9954bed 100644 --- a/bootloaders.io/content/bootloaders/f15d8f48-cf83-4954-a1d2-030f6dfd40a3.md +++ b/bootloaders.io/content/bootloaders/f15d8f48-cf83-4954-a1d2-030f6dfd40a3.md 
@@ -22,7 +22,7 @@ This was provided by Trend Micro and revoked Mar-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/fcc89caed202cfa0f9d16b9e1c27d970.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/fcc89caed202cfa0f9d16b9e1c27d970.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -141,10 +141,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -209,7 +211,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/f15d8f48-cf83-4954-a1d2-030f6dfd40a3.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f15d8f48-cf83-4954-a1d2-030f6dfd40a3.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/f2418902-5951-4626-8a5f-79d4d022337f.md b/bootloaders.io/content/bootloaders/f2418902-5951-4626-8a5f-79d4d022337f.md index 8c502c5..6043f0c 100644 --- a/bootloaders.io/content/bootloaders/f2418902-5951-4626-8a5f-79d4d022337f.md +++ b/bootloaders.io/content/bootloaders/f2418902-5951-4626-8a5f-79d4d022337f.md 
@@ -22,7 +22,7 @@ This was provided by Debian Project and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/41218ac4af41772dbaa3d4738e0c2bf3.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/41218ac4af41772dbaa3d4738e0c2bf3.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/f2418902-5951-4626-8a5f-79d4d022337f.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f2418902-5951-4626-8a5f-79d4d022337f.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/f4268520-fd18-40df-aecf-b2a6e8dcf27d.md b/bootloaders.io/content/bootloaders/f4268520-fd18-40df-aecf-b2a6e8dcf27d.md index 0419d43..16cdc38 100644 --- a/bootloaders.io/content/bootloaders/f4268520-fd18-40df-aecf-b2a6e8dcf27d.md +++ b/bootloaders.io/content/bootloaders/f4268520-fd18-40df-aecf-b2a6e8dcf27d.md 
@@ -22,7 +22,7 @@ This was provided by TeraByte Inc. and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/fbec641d8564e4e48784b2b07dd9c196.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/fbec641d8564e4e48784b2b07dd9c196.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/f4268520-fd18-40df-aecf-b2a6e8dcf27d.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f4268520-fd18-40df-aecf-b2a6e8dcf27d.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/f4e945a8-aa6f-48dc-822c-ff44ce513b70.md b/bootloaders.io/content/bootloaders/f4e945a8-aa6f-48dc-822c-ff44ce513b70.md index 5c29941..01b73b7 100644 --- a/bootloaders.io/content/bootloaders/f4e945a8-aa6f-48dc-822c-ff44ce513b70.md +++ b/bootloaders.io/content/bootloaders/f4e945a8-aa6f-48dc-822c-ff44ce513b70.md 
@@ -22,7 +22,7 @@ This was provided by Canonical Ltd and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/f4e945a8-aa6f-48dc-822c-ff44ce513b70.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f4e945a8-aa6f-48dc-822c-ff44ce513b70.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/f57db2b6-025f-43fe-af3a-c50cc2bc1aec.md b/bootloaders.io/content/bootloaders/f57db2b6-025f-43fe-af3a-c50cc2bc1aec.md index 38a9129..aedb879 100644 --- a/bootloaders.io/content/bootloaders/f57db2b6-025f-43fe-af3a-c50cc2bc1aec.md +++ b/bootloaders.io/content/bootloaders/f57db2b6-025f-43fe-af3a-c50cc2bc1aec.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/f57db2b6-025f-43fe-af3a-c50cc2bc1aec.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f57db2b6-025f-43fe-af3a-c50cc2bc1aec.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/f5fabb82-d43d-45ec-b057-5963c46113a0.md b/bootloaders.io/content/bootloaders/f5fabb82-d43d-45ec-b057-5963c46113a0.md index ec9de2c..b9009c5 100644 --- a/bootloaders.io/content/bootloaders/f5fabb82-d43d-45ec-b057-5963c46113a0.md +++ b/bootloaders.io/content/bootloaders/f5fabb82-d43d-45ec-b057-5963c46113a0.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/f5fabb82-d43d-45ec-b057-5963c46113a0.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f5fabb82-d43d-45ec-b057-5963c46113a0.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/f651508a-842a-4af6-b332-559fc9897806.md b/bootloaders.io/content/bootloaders/f651508a-842a-4af6-b332-559fc9897806.md index 19c0331..6283444 100644 --- a/bootloaders.io/content/bootloaders/f651508a-842a-4af6-b332-559fc9897806.md +++ b/bootloaders.io/content/bootloaders/f651508a-842a-4af6-b332-559fc9897806.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/f651508a-842a-4af6-b332-559fc9897806.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f651508a-842a-4af6-b332-559fc9897806.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/f65396ab-3920-4a6d-9bf0-fbbf62d52999.md b/bootloaders.io/content/bootloaders/f65396ab-3920-4a6d-9bf0-fbbf62d52999.md index 84e4aa0..7092822 100644 --- a/bootloaders.io/content/bootloaders/f65396ab-3920-4a6d-9bf0-fbbf62d52999.md +++ b/bootloaders.io/content/bootloaders/f65396ab-3920-4a6d-9bf0-fbbf62d52999.md 
@@ -22,7 +22,7 @@ This was provided by Unknown and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/f65396ab-3920-4a6d-9bf0-fbbf62d52999.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f65396ab-3920-4a6d-9bf0-fbbf62d52999.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/f901491e-f41b-4b77-8f9f-f9e5a6f03c8c.md b/bootloaders.io/content/bootloaders/f901491e-f41b-4b77-8f9f-f9e5a6f03c8c.md index abaa0a0..2f4d1f9 100644 --- a/bootloaders.io/content/bootloaders/f901491e-f41b-4b77-8f9f-f9e5a6f03c8c.md +++ b/bootloaders.io/content/bootloaders/f901491e-f41b-4b77-8f9f-f9e5a6f03c8c.md 
@@ -22,7 +22,7 @@ This was provided by Canonical Ltd and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/9c9e2e8f49820dbed91f5cae846bbadb.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/9c9e2e8f49820dbed91f5cae846bbadb.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -116,10 +116,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -139,7 +141,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/f901491e-f41b-4b77-8f9f-f9e5a6f03c8c.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f901491e-f41b-4b77-8f9f-f9e5a6f03c8c.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/f907fd87-1f8a-4a91-8ed1-e74bf106b15c.md b/bootloaders.io/content/bootloaders/f907fd87-1f8a-4a91-8ed1-e74bf106b15c.md index 2fb61d3..221fc5a 100644 --- a/bootloaders.io/content/bootloaders/f907fd87-1f8a-4a91-8ed1-e74bf106b15c.md +++ b/bootloaders.io/content/bootloaders/f907fd87-1f8a-4a91-8ed1-e74bf106b15c.md 
@@ -22,7 +22,7 @@ This was provided by SUSE Linux and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/f907fd87-1f8a-4a91-8ed1-e74bf106b15c.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f907fd87-1f8a-4a91-8ed1-e74bf106b15c.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/f922e65f-baea-45c6-bdfa-0b6ab679bda8.md b/bootloaders.io/content/bootloaders/f922e65f-baea-45c6-bdfa-0b6ab679bda8.md index 68e8608..5ae012f 100644 --- a/bootloaders.io/content/bootloaders/f922e65f-baea-45c6-bdfa-0b6ab679bda8.md +++ b/bootloaders.io/content/bootloaders/f922e65f-baea-45c6-bdfa-0b6ab679bda8.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/2eb1ef37d6d0425c505df369802d5d54.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/2eb1ef37d6d0425c505df369802d5d54.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/f922e65f-baea-45c6-bdfa-0b6ab679bda8.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f922e65f-baea-45c6-bdfa-0b6ab679bda8.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/fa8ffd8e-ef04-4510-bf93-34fe1fadc156.md b/bootloaders.io/content/bootloaders/fa8ffd8e-ef04-4510-bf93-34fe1fadc156.md index 1092865..ad86209 100644 --- a/bootloaders.io/content/bootloaders/fa8ffd8e-ef04-4510-bf93-34fe1fadc156.md +++ b/bootloaders.io/content/bootloaders/fa8ffd8e-ef04-4510-bf93-34fe1fadc156.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/fa8ffd8e-ef04-4510-bf93-34fe1fadc156.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/fa8ffd8e-ef04-4510-bf93-34fe1fadc156.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/faa5ce45-c815-4eec-a757-84e1b181afcf.md b/bootloaders.io/content/bootloaders/faa5ce45-c815-4eec-a757-84e1b181afcf.md index 1ce9814..4cc129a 100644 --- a/bootloaders.io/content/bootloaders/faa5ce45-c815-4eec-a757-84e1b181afcf.md +++ b/bootloaders.io/content/bootloaders/faa5ce45-c815-4eec-a757-84e1b181afcf.md 
@@ -22,7 +22,7 @@ This was provided by Debian and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/faa5ce45-c815-4eec-a757-84e1b181afcf.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/faa5ce45-c815-4eec-a757-84e1b181afcf.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/fb78c0ab-b76a-47b5-b7ef-d64bf38611b4.md b/bootloaders.io/content/bootloaders/fb78c0ab-b76a-47b5-b7ef-d64bf38611b4.md index 81c79f1..4d81beb 100644 --- a/bootloaders.io/content/bootloaders/fb78c0ab-b76a-47b5-b7ef-d64bf38611b4.md +++ b/bootloaders.io/content/bootloaders/fb78c0ab-b76a-47b5-b7ef-d64bf38611b4.md 
@@ -22,7 +22,7 @@ This was provided by EgoSecure and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/fb78c0ab-b76a-47b5-b7ef-d64bf38611b4.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/fb78c0ab-b76a-47b5-b7ef-d64bf38611b4.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/fbb59470-8b0e-4ad8-8692-e8a3e1c4df8c.md b/bootloaders.io/content/bootloaders/fbb59470-8b0e-4ad8-8692-e8a3e1c4df8c.md index 1c042a3..6b5ded4 100644 --- a/bootloaders.io/content/bootloaders/fbb59470-8b0e-4ad8-8692-e8a3e1c4df8c.md +++ b/bootloaders.io/content/bootloaders/fbb59470-8b0e-4ad8-8692-e8a3e1c4df8c.md 
@@ -22,7 +22,7 @@ This was provided by HP and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/d55f2dc318b152d9d722021bf8376658.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/d55f2dc318b152d9d722021bf8376658.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/fbb59470-8b0e-4ad8-8692-e8a3e1c4df8c.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/fbb59470-8b0e-4ad8-8692-e8a3e1c4df8c.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/fbf92874-0ee4-4c8e-9dc5-ab73b6bb4010.md b/bootloaders.io/content/bootloaders/fbf92874-0ee4-4c8e-9dc5-ab73b6bb4010.md index a195f80..7c3cb08 100644 --- a/bootloaders.io/content/bootloaders/fbf92874-0ee4-4c8e-9dc5-ab73b6bb4010.md +++ b/bootloaders.io/content/bootloaders/fbf92874-0ee4-4c8e-9dc5-ab73b6bb4010.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/fbf92874-0ee4-4c8e-9dc5-ab73b6bb4010.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/fbf92874-0ee4-4c8e-9dc5-ab73b6bb4010.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/fc53d49c-f8d1-4a46-91be-205a0ec0515a.md b/bootloaders.io/content/bootloaders/fc53d49c-f8d1-4a46-91be-205a0ec0515a.md index c8d9aa3..2a7839d 100644 --- a/bootloaders.io/content/bootloaders/fc53d49c-f8d1-4a46-91be-205a0ec0515a.md +++ b/bootloaders.io/content/bootloaders/fc53d49c-f8d1-4a46-91be-205a0ec0515a.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/6b65628a2e6b0cf6bd54965da59a8b43.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/6b65628a2e6b0cf6bd54965da59a8b43.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/fc53d49c-f8d1-4a46-91be-205a0ec0515a.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/fc53d49c-f8d1-4a46-91be-205a0ec0515a.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/fcbb1d82-1e57-4ca2-8679-e366cd7cb4e8.md b/bootloaders.io/content/bootloaders/fcbb1d82-1e57-4ca2-8679-e366cd7cb4e8.md index ba43186..8dd11b9 100644 --- a/bootloaders.io/content/bootloaders/fcbb1d82-1e57-4ca2-8679-e366cd7cb4e8.md +++ b/bootloaders.io/content/bootloaders/fcbb1d82-1e57-4ca2-8679-e366cd7cb4e8.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -106,10 +106,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -129,7 +131,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/fcbb1d82-1e57-4ca2-8679-e366cd7cb4e8.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/fcbb1d82-1e57-4ca2-8679-e366cd7cb4e8.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/fd70f49d-4efd-4ebb-a889-5dbbcebe33a0.md b/bootloaders.io/content/bootloaders/fd70f49d-4efd-4ebb-a889-5dbbcebe33a0.md index bb8c060..4f73ec0 100644 --- a/bootloaders.io/content/bootloaders/fd70f49d-4efd-4ebb-a889-5dbbcebe33a0.md +++ b/bootloaders.io/content/bootloaders/fd70f49d-4efd-4ebb-a889-5dbbcebe33a0.md 
@@ -22,7 +22,7 @@ This was provided by Red Hat, Inc. and revoked Apr-21 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -113,10 +113,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -136,7 +138,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/fd70f49d-4efd-4ebb-a889-5dbbcebe33a0.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/fd70f49d-4efd-4ebb-a889-5dbbcebe33a0.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/fec3976c-cd0e-4929-a01d-23c584cf7e00.md b/bootloaders.io/content/bootloaders/fec3976c-cd0e-4929-a01d-23c584cf7e00.md index 3a73ad5..f269df0 100644 --- a/bootloaders.io/content/bootloaders/fec3976c-cd0e-4929-a01d-23c584cf7e00.md +++ b/bootloaders.io/content/bootloaders/fec3976c-cd0e-4929-a01d-23c584cf7e00.md 
@@ -22,7 +22,7 @@ This was provided by Miray Software AG and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/a1a05331029aa3aa0fd396897cb46e8a.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/a1a05331029aa3aa0fd396897cb46e8a.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/fec3976c-cd0e-4929-a01d-23c584cf7e00.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/fec3976c-cd0e-4929-a01d-23c584cf7e00.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/fecfe761-f926-4a24-bb10-bf4b8d96750d.md b/bootloaders.io/content/bootloaders/fecfe761-f926-4a24-bb10-bf4b8d96750d.md index d7b99b3..240509d 100644 --- a/bootloaders.io/content/bootloaders/fecfe761-f926-4a24-bb10-bf4b8d96750d.md +++ b/bootloaders.io/content/bootloaders/fecfe761-f926-4a24-bb10-bf4b8d96750d.md 
@@ -22,7 +22,7 @@ This was provided by Fedora Project and revoked Jul-20 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/f2c580ccd60898d4aa2676249d67c171.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/f2c580ccd60898d4aa2676249d67c171.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -148,10 +148,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -216,7 +218,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/fecfe761-f926-4a24-bb10-bf4b8d96750d.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/fecfe761-f926-4a24-bb10-bf4b8d96750d.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders/ff057f2b-0bc9-4318-a017-66307880a7c6.md b/bootloaders.io/content/bootloaders/ff057f2b-0bc9-4318-a017-66307880a7c6.md index 189d80d..9b7c3d3 100644 --- a/bootloaders.io/content/bootloaders/ff057f2b-0bc9-4318-a017-66307880a7c6.md +++ b/bootloaders.io/content/bootloaders/ff057f2b-0bc9-4318-a017-66307880a7c6.md 
@@ -22,7 +22,7 @@ This was provided by Microsoft and revoked May-23 - **Author**: Michael Haag - **Acknowledgement**: | [](https://twitter.com/) -{{< button "https://github.com/magicsword-io/LOLbootloaders/raw/main/bootloaders/28196e29d41524919202b6bd1e38f35c.bin" "Download" >}} +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/28196e29d41524919202b6bd1e38f35c.bin" "Download" >}} {{< tip "warning" >}} {{< /tip >}} @@ -57,10 +57,10 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sigma 🛡️ {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} {{< /details >}} 
@@ -71,9 +71,9 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  #### Sysmon 🔎 {{< details "Expand" >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} -{{< button "https://github.com/magicsword-io/LOLbootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} {{< /details >}} @@ -145,10 +145,12 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### Imports {{< details "Expand" >}} +* {{< /details >}} #### ImportedFunctions @@ -213,7 +215,7 @@ bcdedit /copy "{current}" /d "LOLDrivers" | {% if ($_ -match  -[*source*](https://github.com/magicsword-io/LOLbootloaders/tree/main/yaml/ff057f2b-0bc9-4318-a017-66307880a7c6.yaml) +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ff057f2b-0bc9-4318-a017-66307880a7c6.yaml) *last_updated:* 2023-08-02 diff --git a/bootloaders.io/content/bootloaders_top_5_os.csv b/bootloaders.io/content/bootloaders_top_5_os.csv new file mode 100644 index 0000000..36784d3 --- /dev/null +++ b/bootloaders.io/content/bootloaders_top_5_os.csv 
@@ -0,0 +1,520 @@ +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit 
+345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit 
+345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit 
+71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +10,64-bit ARM +10,64-bit ARM +10,64-bit ARM +10,64-bit ARM +10,64-bit ARM +10,64-bit ARM +10,64-bit ARM +10,64-bit ARM +10,64-bit ARM +10,64-bit ARM diff --git a/bootloaders.io/content/bootloaders_top_5_products.csv b/bootloaders.io/content/bootloaders_top_5_products.csv deleted file mode 100644 index 6f1e382..0000000 --- a/bootloaders.io/content/bootloaders_top_5_products.csv +++ /dev/null 
@@ -1,66 +0,0 @@ -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® 
Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System -66,Microsoft® Windows® Operating System diff --git a/bootloaders.io/resources/_gen/assets/sass/sass/main.sass_ae9eb86df8175869edaecf50caadd93b.content b/bootloaders.io/resources/_gen/assets/sass/sass/main.sass_ae9eb86df8175869edaecf50caadd93b.content index f65281a..e9f0815 100644 --- a/bootloaders.io/resources/_gen/assets/sass/sass/main.sass_ae9eb86df8175869edaecf50caadd93b.content +++ b/bootloaders.io/resources/_gen/assets/sass/sass/main.sass_ae9eb86df8175869edaecf50caadd93b.content 
@@ -1,3 +1,3 @@ -html{--info-icon: url('http://localhost:1313/icons/info.svg');--sun-icon: url('http://localhost:1313/icons/sun.svg');--moon-icon: url('http://localhost:1313/icons/moon.svg');--next-icon: url('http://localhost:1313/icons/next.svg')}html{--color-mode: "light";--light: #fff;--dark: rgb(28,28,30);--haze: #f2f5f7;--bubble: rgb(36,36,38);--accent: var(--haze);--bg: var(--light);--code-bg: var(--accent);--overlay: var(--light);--text: #111;--font: 'Metropolis', sans-serif;--border-color: #eee;--inline-color: darkgoldenrod;--theme: rgb(52,199,89);--ease: ease;--search-border-color: transparent;--next-icon-path: url(../images/icons/double-arrow.svg);--never-icon-path: url(../images/sitting.svg)}html[data-mode="dark"]{--color-mode: "dark";--theme: rgb(48,209,88);--bg: var(--dark);--text: #eee;--accent: var(--bubble);--overlay: var(--bubble);--border-color: transparent;--search-bg: var(--accent);--search-border-color: var(--accent)}html[data-mode="dark"] *{box-shadow:none !important}html[data-mode="dark"] .color_choice::after{background-image:var(--moon-icon)}@media (prefers-color-scheme: dark){html.dark:not([data-mode="light"]){--color-mode: "dark";--theme: rgb(48,209,88);--bg: var(--dark);--text: #eee;--accent: var(--bubble);--overlay: var(--bubble);--border-color: transparent;--search-bg: var(--accent);--search-border-color: var(--accent)}html.dark:not([data-mode="light"]) *{box-shadow:none !important}}blockquote+.highlight_wrap{margin-top:2.25rem}*{box-sizing:border-box;-webkit-appearance:none;margin:0;padding:0}body,html{scroll-behavior:smooth;scroll-padding-top:1rem;font-kerning:normal;-webkit-text-size-adjust:100%;font-size:18px}body{font-family:var(--font);background-color:var(--bg);color:var(--text);line-height:1.5;margin:0 
auto;position:relative;font-kerning:normal;display:flex;flex-direction:column;justify-content:space-between;min-height:100vh;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;-webkit-overflow-scrolling:touch;max-width:1440px}@media screen and (min-width: 1640px){body{max-width:1600px}}a{text-decoration:none;color:inherit}p{padding:0.75rem 0}p:empty{display:none}li,li p{padding:0.25rem 0}blockquote{opacity:0.8;padding:1rem;position:relative;quotes:"“" "”" "‘" "’";margin:0.75rem 0;display:flex;flex-flow:row wrap;background-repeat:no-repeat;background-size:5rem;background-position:50% 50%;position:relative;background-color:var(--accent);border-radius:0.25rem;overflow:hidden}blockquote::before{content:"";padding:2px;position:absolute;top:0;bottom:0;left:0;background:var(--theme)}blockquote p{padding-left:0.5rem !important;font-size:1.1rem !important;width:100%;font-style:italic}h1,h2,h3,h4,h5{font-family:inherit;font-weight:500;padding:0.33rem 0;color:inherit;line-height:1.35}h1{font-size:200%}h2{font-size:175%}h3{font-size:150%}h4{font-size:125%}h5{font-size:120%}h6{font-size:100%}img,svg,figure{max-width:100%;vertical-align:middle}img{height:auto;margin:1rem auto;padding:0}main{flex:1}@media screen and (min-width: 42rem){main{padding-bottom:45px}}ol,ul{list-style:none}b,strong{font-weight:500}hr{border:none;padding:1px;background:var(--border-color);margin:1rem 0}.aside{overflow-y:auto;background:var(--bg);border-radius:0.25rem;align-self:start;max-height:80vh;position:sticky;z-index:9999;top:0;padding:1rem 0}@media screen and (min-width: 42rem){.aside{padding:1rem 1.5rem;top:2.5rem;margin-top:1rem;padding-top:0}}.aside_inner{height:0;overflow:hidden}@media screen and (min-width: 42rem){.aside_inner{height:initial}}.aside.show .aside_inner{height:initial;overflow:visible}.aside_toggle{padding:0.5rem 1.5rem;border-radius:0.5rem;background:var(--accent);transform:translateY(-1rem);display:flex;justify-content:space-between}@media screen and 
(min-width: 42rem){.aside_toggle{display:none}}.aside h3{position:relative}.aside ul{padding:0;list-style:none}th,td{padding:0.5rem;font-weight:400 !important}th:not(:first-child),td:not(:first-child){padding-left:1.5rem}thead{background:var(--theme);color:var(--light);font-weight:400;text-align:left}tbody tr:nth-child(even){background-color:var(--accent) !important;box-shadow:0 1rem 0.75rem -0.75rem rgba(0,0,0,0.07)}table{margin:1.5rem 0;width:100%}.main{flex:1}@media screen and (max-width: 667px){.main>.grid-auto{grid-gap:0}}.page-home h1{font-weight:300}.content ul,.content ol{padding-left:1.1rem}.content ul{list-style:initial}.content ol{list-style:decimal}.content a:not(.button){color:var(--theme)}::placeholder{font-size:1rem}svg.icon_sort{fill:var(--light);height:0.7rem;width:0.7rem;display:inline-block;margin-left:auto;vertical-align:middle}canvas{margin:2.5rem auto 0 auto;max-width:450px !important;max-height:450px !important}footer{min-height:150px}del{opacity:0.5}#toTop{background:transparent;outline:0.5rem solid transparent;height:2rem;width:2rem;cursor:pointer;padding:0.5rem;display:flex;align-items:center;justify-content:center;position:fixed;right:0;bottom:2.25rem;transform:rotate(45deg) translate(5rem);opacity:0;transition:opacity 0.5s var(--ease),transform 0.25s var(--ease);z-index:5}#toTop.active{right:1.5rem;opacity:1;transform:rotate(45deg) translate(0)}#toTop::after,#toTop::before{position:absolute;display:block;width:1rem;height:1rem;content:"";border-left:1px solid var(--text);border-top:1px solid var(--text)}#toTop::after{width:0.67rem;height:0.67rem;transform:translate(0.1rem, 0.1rem)}.nav{display:grid;grid-gap:1rem;padding:0 1.5rem !important;align-items:center;background-color:var(--bg)}@media screen and (min-width: 992px){.nav{grid-template-columns:10rem 1fr}}.nav_brand{position:relative}.nav_brand picture,.nav_brand 
img{max-width:10rem}.nav_header{position:absolute;top:0;left:0;width:100%;background-color:var(--bg);z-index:999999}.nav_toggle{position:absolute;top:0;bottom:0;width:3rem;display:flex;align-items:center;justify-content:flex-end;text-align:center;right:0;color:var(--text)}@media screen and (min-width: 992px){.nav_toggle{display:none}}.nav_body{display:flex;flex-direction:column;background:var(--accent);position:fixed;left:0;top:0;bottom:0;height:100vh;transition:transform 0.25s var(--ease);transform:translateX(-101vw)}@media screen and (min-width: 992px){.nav_body{transform:translateX(0);position:relative;height:initial;justify-content:flex-end;background:transparent;flex-direction:row}}.nav.show .nav_body{transform:translateX(0);box-shadow:0 1rem 4rem rgba(0,0,0,0.1);background:var(--bg)}.nav.show .nav_body li:first-child{margin:1.5rem 1rem 0.5rem 1rem}.nav-link{display:inline-flex;padding:0.5rem 1rem}.nav-item{display:grid;align-items:center}@media screen and (min-width: 992px){.nav-item .search{margin-right:1.5rem}}.nav_repo picture,.nav_repo img{max-width:1.25rem}.section_title{font-size:1.25rem}.section_link{font-size:1rem;font-weight:400}.sidebar-link{display:grid;padding:0.2rem 0}.toc{border-left:2px solid var(--theme);padding:0 1rem;height:0;overflow:hidden;filter:opacity(0.87)}.toc_item{font-size:0.9rem}.toc_active{height:initial}.search{flex:1;display:flex;justify-content:flex-end;position:relative}.search_field{padding:0.5rem 1.5rem 0.5rem 2.5rem;border-radius:1.5rem;width:13.5rem;outline:none;border:1px solid var(--search-border-color);background:transparent;color:var(--text);box-shadow:0 1rem 4rem rgba(0,0,0,0.17);font-size:1rem}.search_field:hover,.search_field:focus{background:var(--search-bg)}.search_label{width:1rem;height:1rem;position:absolute;left:0.33rem;top:0.25rem;opacity:0.33}.search_label svg{width:100%;height:100%;fill:var(--text)}.search_result{padding:0.5rem 
1rem}.search_result:not(.passive):hover{background-color:var(--theme);color:var(--light)}.search_result.passive{display:grid}.search_results{width:13.5rem;background-color:var(--overlay);border-radius:0 0 0.25rem 0.25rem;box-shadow:0 1rem 4rem rgba(0,0,0,0.17);position:absolute;top:125%;display:grid;overflow:hidden;z-index:5}.search_results:empty{display:none}.search_title{padding:0.5rem 1rem 0.5rem 1rem;background:var(--theme);color:var(--light);font-size:0.9rem;opacity:0.87;text-transform:uppercase}.button{background-color:var(--theme);color:var(--light);border-radius:0.25rem;display:inline-block;padding:0.75rem 1.25rem;text-align:center}.button:hover{opacity:0.84}.button+.button{background-color:var(--haze);color:var(--dark)}.button_grid{display:grid;max-width:15rem;grid-gap:1rem;grid-template-columns:repeat(auto-fit, minmax(12rem, 1fr))}@media screen and (min-width: 557px){.button_grid{max-width:25rem}}.video{overflow:hidden;padding-bottom:56.25%;position:relative;height:0;margin:1.5rem 0;border-radius:0.6rem;background-color:var(--bg);box-shadow:0 1rem 2rem rgba(0,0,0,0.17)}.video iframe{left:0;top:0;height:100%;width:100%;border:none;position:absolute;transform:scale(1.02)}.icon{width:1.1rem;height:1.1rem;display:inline-flex;justify-content:center;align-items:center;margin:0 0.5rem}.link{opacity:0;position:relative}.link_owner:hover .link{opacity:1}.link_yank{opacity:1}.link_yanked{position:absolute;right:-2.2rem;top:-2rem;background-color:var(--theme);color:var(--light);width:7rem;padding:0.25rem 0.5rem;font-size:0.9rem;border-radius:1rem;text-align:center}.link_yanked::after{position:absolute;top:1rem;content:"";border-color:var(--theme) transparent;border-style:solid;border-width:1rem 1rem 0 1rem;height:0;width:0;transform-origin:50% 50%;transform:rotate(145deg);right:0.45rem}.gallery{width:100%;column-count:3;column-gap:1rem}@media screen and (max-width: 667px){.gallery{column-count:2}}.gallery_item{background-color:transparent;margin:0 0 
1rem}.gallery_image{margin:0 auto}.pager{display:flex;justify-content:space-between;align-items:center;padding-top:2rem;margin:2rem 0;max-width:100vw;overflow:hidden}.pager svg{filter:opacity(0.75);width:1.25rem;height:1rem;transform-origin:50% 50%}.pager_lean{justify-content:flex-end}.pager_label{max-width:100%;overflow:hidden;white-space:nowrap;text-overflow:ellipsis}.pager_link{padding:0.5rem 1rem;border-radius:0.25rem;width:12.5rem;max-width:40vw;position:relative;display:flex;align-items:center;text-align:center;justify-content:center}.pager_link::before,.pager_link::after{background-image:var(--next-icon);height:0.8rem;width:0.8rem;background-size:100%;background-repeat:no-repeat;transform-origin:50% 50%}.pager_item{display:flex;flex-direction:column;flex:1;max-width:48%}.pager_item.prev{align-items:flex-start}.pager_item.next{align-items:flex-end}.pager_item.next::after{content:""}.pager_item.prev .pager_link::before{content:"";transform:rotate(180deg);margin-right:0.67rem}.pager_item.next .pager_link::after{content:"";margin-left:0.67rem}.pager_item.next .pager_link{grid-template-columns:1fr 1.5rem}.pager_meta{margin:0.5rem 0}.color_mode{height:1rem;margin-left:1.5rem}.color_choice{outline:none;border:none;-webkit-appearance:none;height:1rem;position:relative;width:1rem;border-radius:1rem;cursor:pointer;z-index:2;right:0;filter:contrast(0.8)}.color_choice::after{content:"";top:0.1rem;bottom:0;left:0;position:absolute;height:0.8rem;background:var(--accent);width:0.8rem;border-radius:0.25rem;z-index:3;transform:scale(1.67);transform-origin:50% 50%;transition:transform 0.5s cubic-bezier(0.19, 1, 0.22, 1);will-change:transform;background-image:var(--sun-icon);background-size:60%;background-repeat:no-repeat;background-position:center}.color_icon{height:1rem;width:1rem;margin:0;z-index:4;position:absolute;transform:translateY(-50%);transition:transform 0.5s cubic-bezier(0.19, 1, 0.22, 1);right:3.5rem}.tip{padding:1.5rem 1rem 1.5rem 1.5rem;margin:1.5rem 
0;border-left:0.2rem solid var(--theme);position:relative;background:var(--accent)}.tip blockquote{padding:0;margin:0;border:none}.tip blockquote::before{display:none}.tip p:first-child,.tip p~p{padding-top:0}.tip p:last-child{padding-bottom:0}.tip_warning{--theme: var(--inline-color)}.tip_warning::before{transform:rotate(180deg)}.tip::before{content:"";position:absolute;left:-0.85rem;top:1.5rem;z-index:3;padding:0.75rem;transform-origin:50% 50%;border-radius:50%;background-color:var(--theme);background-image:var(--info-icon);background-size:12%;background-position:50% 50%;background-repeat:no-repeat}.mermaid{--theme: darkgoldenrod;background-color:transparent !important;margin-bottom:2.5rem}.mermaid svg{margin:0 auto;display:block}.mermaid .actor,.mermaid .labelBox,.mermaid .classGroup rect{fill:var(--theme) !important;stroke:var(--theme) !important}.mermaid .messageText,.mermaid tspan,.mermaid text{fill:var(--text) !important;stroke:var(--text) !important}.mermaid .messageLine0,.mermaid .loopLine{stroke:var(--theme) !important;fill:var(--theme) !important}.post{margin:0 auto;width:100%}.post p,.post h1,.post h2,.post h3,.post h4,.post h5,.post h6,.post blockquote,.post ol,.post ul,.post .highlight_wrap,.post hr{max-width:840px !important;margin-left:auto;margin-right:auto}@media screen and (min-width: 1025px){.post img:not(.icon){display:block;width:100vw;max-width:1024px;margin-left:auto;margin-right:auto}}.post h2,.post h3,.post h4{margin:0.5rem auto;text-align:left;padding:5px 0 0 0}.post p{padding-bottom:0.5rem;padding-top:0.5rem;font-size:1.05rem}.posts{display:flex;justify-content:space-between;flex-flow:row wrap;width:100%;align-items:stretch}.posts:not(.aside){padding:0 30px}.post ol{padding:1rem 1.25rem}.post_body img{width:100%;max-width:100%}.post_inner a{color:var(--theme);transition:all 0.3s}.post_inner a:hover{opacity:0.8;text-decoration:underline}.post_inner img:not(.icon){margin-bottom:2rem;box-shadow:0 1.5rem 1rem -1rem 
rgba(0,0,0,0.25)}.post_inner img:not(.icon)~h1,.post_inner img:not(.icon)~h2,.post_inner img:not(.icon)~h3,.post_inner img:not(.icon)~h4{margin-top:0;padding-top:0}.post .icon{margin-top:0;margin-bottom:0}.post_date{color:var(--theme)}.post_copy{opacity:0;transition:opacity 0.3s ease-out}.post_item{box-shadow:0 0 3rem rgba(0,0,0,0.17);margin:1.25rem 0;border-radius:10px;overflow:hidden;width:100%}.post_item:hover{box-shadow:0 0 5rem rgba(0,0,0,0.255)}@media screen and (min-width: 667px){.post_item{width:47%}}.post_item:hover .post_copy{opacity:1}.post_link{padding:2.5px 0;font-size:1.25em;margin:2.5px 0;text-align:left}.post_meta{overflow:hidden;opacity:0.8;font-size:0.84rem;font-weight:500;display:inline-grid;grid-template-columns:auto 1fr;background-color:var(--light);padding:0;align-items:center;border-radius:0.3rem;color:var(--dark);text-transform:capitalize}.post_meta a:hover{color:var(--theme);text-decoration:underline;opacity:0.9}.post_extra{display:flex;justify-content:flex-end}.post_tag{font-size:0.75rem !important;font-weight:500;background:var(--theme);color:var(--light);padding:0.25rem 0.67rem !important;text-transform:uppercase;display:inline-flex;border-radius:5px}.post_title{margin:1.75rem 0 1rem}.post_time{background:var(--theme);display:inline-grid;padding:0.2rem 0.75rem;color:var(--light)}.post_thumbnail{width:100%;margin:0}.post_nav{padding:3rem 1.5rem;display:grid;margin:2.25rem auto 1rem;text-align:center;color:var(--theme);text-transform:uppercase}.post_nav,.post_nav span{position:relative;z-index:3}.post_nav::before{content:"";position:absolute;background:var(--accent);top:0;left:0;bottom:0;right:0;z-index:1;border-radius:1rem}.post_next{display:inline-grid;margin:0 auto;width:10rem;grid-template-columns:1fr 1.33rem}.post_next::after{content:"";background-image:var(--next-icon-path);background-repeat:repeat no-repeat;background-size:0.8rem;background-position:center right}.excerpt{padding:0 10px 1.5rem 
10px;position:relative;z-index:1}.excerpt_meta{display:flex;justify-content:space-between;align-items:center;transform:translateY(-2.5rem);position:relative;z-index:5}.archive_item{display:grid;padding:1.5rem 0}.archive_title{margin:0}.article{box-shadow:0 0.5rem 2rem rgba(0,0,0,0.12);overflow:hidden;border-radius:0.5rem}.article_title{margin:0}.article_excerpt{transition:height 0.5s, opacity 0.5s}.article_excerpt:not(.visible){height:0;opacity:0}.article_excerpt,.article_meta{transform-origin:bottom}.article_meta{padding:10px 1.25rem 1.25rem;color:var(--text);position:relative;z-index:2;transition:margin-top 0.5s;background:var(--bg)}.article_meta.center_y{transform-origin:center;transition:transform 0.5s;display:flex;flex-direction:column;justify-content:center}@media screen and (min-width: 42rem){.article_meta.center_y{left:-2rem}}.article_thumb{display:grid;position:relative;z-index:0;overflow:hidden;height:15rem;background-size:cover;background-position:50% 50%}@media screen and (min-width: 35rem){.article_thumb{height:22.5rem}}.article_thumb img{transition:transform 0.5s, opacity 0.5s}.article_thumb::after{content:'';position:absolute;top:0;left:0;width:100%;bottom:0;z-index:1;background:var(--bg);opacity:0;transition:opacity 0.1s ease-out}.article_showcase .article_thumb{height:15rem}.article_showcase .article_meta{padding-top:1.5rem}.article:hover .article_thumb img{transform:scale(1.1)}.article:hover .article_thumb::after{transition:opacity 0.1s ease-out;opacity:0.5}.article:hover .article_excerpt:not(.visible){height:75px;opacity:1}.article:hover .article_meta:not(.center_y){margin-top:-75px}@media screen and (min-width: 769px){.article:hover .article_meta.center_y{transform:translateX(-3rem)}}.article:hover{box-shadow:0 1.5rem 6rem rgba(0,0,0,0.17)}.article:hover a{color:initial !important}.article_hidden{display:none}.wrap{max-width:1240px}@media screen and (min-width: 1640px){.wrap{max-width:1600px}}.wrap,.wrap{width:100%;padding:0 25px;margin:0 
auto}.pt-1{padding-top:1.5rem}.pb-1{padding-bottom:1.5rem}.mt-1{margin-top:1.5rem}.mb-1{margin-bottom:1.5rem}.pt-2{padding-top:3rem}.pb-2{padding-bottom:3rem}.mt-2{margin-top:3rem}.mb-2{margin-bottom:3rem}.pt-3{padding-top:4.5rem}.pb-3{padding-bottom:4.5rem}.mt-3{margin-top:4.5rem}.mb-3{margin-bottom:4.5rem}.pt-4{padding-top:6rem}.pb-4{padding-bottom:6rem}.mt-4{margin-top:6rem}.mb-4{margin-bottom:6rem}.grid-2,.grid-3,.grid-4,.grid-auto,.grid-reverse{display:grid;grid-template-columns:1fr}[class*='grid-']{grid-gap:2rem}@media screen and (min-width: 42rem){.grid-auto{grid-template-columns:2fr 5fr}.grid-reverse{grid-template-columns:3fr 1fr}.grid-2{grid-template-columns:repeat(2, 1fr)}.grid-3{grid-template-columns:repeat(auto-fit, minmax(15rem, 1fr))}.grid-4{grid-template-columns:repeat(auto-fit, minmax(12rem, 1fr))}}.active{color:var(--theme)}.is{background:var(--theme);color:var(--light)}.toggle svg{fill:var(--text);display:inline-block;transform-origin:50% 50%;transform:scale(1.2);cursor:pointer;margin:0}.scrollable{width:100%;overflow-x:hidden;max-width:calc(100vw - 48px)}@media screen and (min-width: 768px){.scrollable{max-width:100%}}.scrollable:hover{overflow-x:auto}.chart{display:grid;grid-gap:1.5rem;max-width:98vw !important;max-height:98vw !important}.link{display:inline-flex;align-items:center;width:2.5rem;margin:0 0.25rem;padding:0 0.25rem;opacity:0;transition:opacity 0.3s cubic-bezier(0.39, 0.575, 0.565, 1)}.link svg,.link img{width:1.5rem;height:1.5rem;fill:var(--theme)}.link_owner:hover .link{opacity:0.9}.copy{cursor:pointer}@keyframes pulse{0%{opacity:1}75%{opacity:0.1}100%{opacity:1}}code{font-size:15px;font-weight:400;overflow-y:hidden;display:block;font-family:'Monaco', monospace;word-break:break-all}code.noClass{color:var(--inline-color);display:inline;line-break:anywhere}.windows .highlight{overflow-x:hidden}.windows .highlight:hover{overflow-x:auto}.highlight{display:grid;width:100%;border-radius:0 0.2rem 0.2rem 
0;overflow-x:auto;position:relative}.highlight_wrap{display:grid;background:var(--code-bg) !important;border-radius:0.5rem;position:relative;padding:0 1rem;margin:1.5rem auto 1rem auto}.highlight_wrap .highlight_wrap{margin:0;padding:0}.highlight_wrap+.highlight_wrap{margin-top:2.25rem}.highlight_wrap:hover>div{opacity:1}.highlight_wrap .lang{position:absolute;top:0;right:0;text-align:right;width:7.5rem;padding:0.5rem 1rem;font-style:italic;text-transform:uppercase;font-size:67%;opacity:0.5;color:var(--text)}.highlight_wrap:hover .lang{opacity:0.1}.highlight .highlight{margin:0}.highlight pre{color:var(--text) !important;border-radius:4px;font-family:'Monaco', monospace;padding-top:1.5rem;padding-bottom:2rem}.highlight table{display:grid;max-width:100%;margin-bottom:0;background:transparent}.highlight td,.highlight th{padding:0}.highlight .lntd{width:100%;border:none}.highlight .lntd:first-child,.highlight .lntd:first-child pre{width:2.5rem !important;padding-left:0;padding-right:0;color:rgba(255,255,255,0.5);user-select:none}.highlight .lntd:first-child pre{width:100%;display:flex;align-items:center;flex-direction:column}.err{color:#a61717}.hl{width:100%;background:var(--inline-color)}.ln,.lnt{margin-right:0.75rem;padding:0;transition:opacity 0.3s var(--ease)}.ln,.ln span,.lnt,.lnt 
span{color:var(--text);opacity:0.5;user-select:none}.k,.kc,.kd,.kn,.kp,.kr,.kt,.nt{color:#6ab825;font-weight:500}.kn,.kp{font-weight:400}.nb,.no,.nv{color:#24909d}.nc,.nf,.nn{color:#447fcf}.s,.sa,.sb,.sc,.dl,.sd,.s2,.se,.sh,.si,.sx,.sr,.s1,.ss{color:#ed9d13}.m,.mb,.mf,.mh,.mi,.il,.mo{color:#3677a9}.ow{color:#6ab825;font-weight:500}.c,.ch,.cm,.c1{color:#999;font-style:italic}.cs{color:#e50808;background-color:#520000;font-weight:500}.cp,.cpf{color:#cd2828;font-weight:500}.gd,.gr{color:#d22323}.ge{font-style:italic}.gh,.gu,.nd,.na,.ne{color:#ffa500;font-weight:500}.gi{color:#589819}.go{color:#ccc}.gp{color:#aaa}.gs{font-weight:500}.gt{color:#d22323}.w{color:#666}.hljs-string{color:#6ab825}.hljs-attr{color:#ed9d13}.p .hljs-attr{color:var(--light)}.pre_wrap{white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word}.pre_nolines.ln{display:none}.panel_box{display:inline-flex;perspective:300px;grid-gap:1rem;transition:opacity 0.3s var(--easing);background:var(--code-bg);padding:0.5rem 1.5rem;border-radius:2rem;align-items:center;position:absolute;right:0rem;top:-2.1rem;opacity:0}.panel_icon{display:inline-flex;align-items:center;justify-content:center;cursor:pointer;padding:0.1rem;transform-origin:50% 50%;margin:0}.panel_icon.active{animation:pulse 0.1s linear}.panel_icon svg{fill:var(--text);width:1.5rem;height:1.5rem}.panel_hide{display:none}.panel_from{position:absolute;color:var(--theme);bottom:0;font-size:1.5rem;font-weight:500;padding:0.5rem 0;cursor:pointer;letter-spacing:0.1px;z-index:19}.panel_expanded .panel_from{display:none}.shell{position:relative}.shell::before{content:"$";position:relative;margin-right:0.36rem}.line-flex{display:flex}@font-face{font-family:'Metropolis';font-style:normal;font-weight:400;src:local("Metropolis Regular"),local("Metropolis-Regular"),url("../fonts/Metropolis-Regular.woff2") format("woff2"),url("../fonts/Metropolis-Regular.woff") 
format("woff");font-display:swap}@font-face{font-family:'Metropolis';font-style:normal;font-weight:300;src:local("Metropolis Light"),local("Metropolis-Light"),url("../fonts/Metropolis-Light.woff2") format("woff2"),url("../fonts/Metropolis-Light.woff") format("woff");font-display:swap}@font-face{font-family:'Metropolis';font-style:italic;font-weight:300;src:local("Metropolis Light Italic"),local("Metropolis-LightItalic"),url("../fonts/Metropolis-LightItalic.woff2") format("woff2"),url("../fonts/Metropolis-LightItalic.woff") format("woff");font-display:swap}@font-face{font-family:'Metropolis';font-style:normal;font-weight:500;src:local("Metropolis Medium"),local("Metropolis-Medium"),url("../fonts/Metropolis-Medium.woff2") format("woff2"),url("../fonts/Metropolis-Medium.woff") format("woff");font-display:swap}@font-face{font-family:'Metropolis';font-style:italic;font-weight:500;src:local("Metropolis Medium Italic"),local("Metropolis-MediumItalic"),url("../fonts/Metropolis-MediumItalic.woff2") format("woff2"),url("../fonts/Metropolis-MediumItalic.woff") format("woff");font-display:swap}@font-face{font-family:'Cookie';font-style:normal;font-weight:400;src:local("Cookie-Regular"),url("../fonts/cookie-v10-latin-regular.woff2") format("woff2"),url("../fonts/cookie-v10-latin-regular.woff") format("woff");font-display:swap}@keyframes chartjs-render-animation{0%{opacity:.99}100%{opacity:1}}.chartjs-render-monitor{animation:chartjs-render-animation 1ms}.chartjs-size-monitor,.chartjs-size-monitor-expand,.chartjs-size-monitor-shrink{position:absolute;direction:ltr;left:0;top:0;right:0;bottom:0;overflow:hidden;pointer-events:none;visibility:hidden;z-index:-1}.chartjs-size-monitor-expand>div{position:absolute;width:1000000px;height:1000000px;left:0;top:0}.chartjs-size-monitor-shrink>div{position:absolute;width:200%;height:200%;left:0;top:0} +html{--info-icon: url('http://localhost:1313/icons/info.svg');--sun-icon: url('http://localhost:1313/icons/sun.svg');--moon-icon: 
url('http://localhost:1313/icons/moon.svg');--next-icon: url('http://localhost:1313/icons/next.svg')}html{--color-mode: "light";--light: #fff;--dark: rgb(28,28,30);--haze: #f2f5f7;--bubble: rgb(36,36,38);--accent: var(--haze);--bg: var(--light);--code-bg: var(--accent);--overlay: var(--light);--text: #111;--font: 'Metropolis', sans-serif;--border-color: #eee;--inline-color: darkgoldenrod;--theme: rgb(255,140,0) /* changed to DarkOrange */;--ease: ease;--search-border-color: transparent;--next-icon-path: url(../images/icons/double-arrow.svg);--never-icon-path: url(../images/sitting.svg)}html[data-mode="dark"]{--color-mode: "dark";--theme: rgb(0,191,255) /* remains as Deep Sky Blue */;--bg: var(--dark);--text: #eee;--accent: var(--bubble);--overlay: var(--bubble);--border-color: transparent;--search-bg: var(--accent);--search-border-color: var(--accent)}html[data-mode="dark"] *{box-shadow:none !important}html[data-mode="dark"] .color_choice::after{background-image:var(--moon-icon)}@media (prefers-color-scheme: dark){html.dark:not([data-mode="light"]){--color-mode: "dark";--theme: rgb(0,191,255) /* remains as Deep Sky Blue */;--bg: var(--dark);--text: #eee;--accent: var(--bubble);--overlay: var(--bubble);--border-color: transparent;--search-bg: var(--accent);--search-border-color: var(--accent)}html.dark:not([data-mode="light"]) *{box-shadow:none !important}}blockquote+.highlight_wrap{margin-top:2.25rem}*{box-sizing:border-box;-webkit-appearance:none;margin:0;padding:0}body,html{scroll-behavior:smooth;scroll-padding-top:1rem;font-kerning:normal;-webkit-text-size-adjust:100%;font-size:18px}body{font-family:var(--font);background-color:var(--bg);color:var(--text);line-height:1.5;margin:0 auto;position:relative;font-kerning:normal;display:flex;flex-direction:column;justify-content:space-between;min-height:100vh;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;-webkit-overflow-scrolling:touch;max-width:1440px}@media screen and (min-width: 
1640px){body{max-width:1600px}}a{text-decoration:none;color:inherit}p{padding:0.75rem 0}p:empty{display:none}li,li p{padding:0.25rem 0}blockquote{opacity:0.8;padding:1rem;position:relative;quotes:"“" "”" "‘" "’";margin:0.75rem 0;display:flex;flex-flow:row wrap;background-repeat:no-repeat;background-size:5rem;background-position:50% 50%;position:relative;background-color:var(--accent);border-radius:0.25rem;overflow:hidden}blockquote::before{content:"";padding:2px;position:absolute;top:0;bottom:0;left:0;background:var(--theme)}blockquote p{padding-left:0.5rem !important;font-size:1.1rem !important;width:100%;font-style:italic}h1,h2,h3,h4,h5{font-family:inherit;font-weight:500;padding:0.33rem 0;color:inherit;line-height:1.35}h1{font-size:200%}h2{font-size:175%}h3{font-size:150%}h4{font-size:125%}h5{font-size:120%}h6{font-size:100%}img,svg,figure{max-width:100%;vertical-align:middle}img{height:auto;margin:1rem auto;padding:0}main{flex:1}@media screen and (min-width: 42rem){main{padding-bottom:45px}}ol,ul{list-style:none}b,strong{font-weight:500}hr{border:none;padding:1px;background:var(--border-color);margin:1rem 0}.aside{overflow-y:auto;background:var(--bg);border-radius:0.25rem;align-self:start;max-height:80vh;position:sticky;z-index:9999;top:0;padding:1rem 0}@media screen and (min-width: 42rem){.aside{padding:1rem 1.5rem;top:2.5rem;margin-top:1rem;padding-top:0}}.aside_inner{height:0;overflow:hidden}@media screen and (min-width: 42rem){.aside_inner{height:initial}}.aside.show .aside_inner{height:initial;overflow:visible}.aside_toggle{padding:0.5rem 1.5rem;border-radius:0.5rem;background:var(--accent);transform:translateY(-1rem);display:flex;justify-content:space-between}@media screen and (min-width: 42rem){.aside_toggle{display:none}}.aside h3{position:relative}.aside ul{padding:0;list-style:none}th,td{padding:0.5rem;font-weight:400 
!important}th:not(:first-child),td:not(:first-child){padding-left:1.5rem}thead{background:var(--theme);color:var(--light);font-weight:400;text-align:left}tbody tr:nth-child(even){background-color:var(--accent) !important;box-shadow:0 1rem 0.75rem -0.75rem rgba(0,0,0,0.07)}table{margin:1.5rem 0;width:100%}.main{flex:1}@media screen and (max-width: 667px){.main>.grid-auto{grid-gap:0}}.page-home h1{font-weight:300}.content ul,.content ol{padding-left:1.1rem}.content ul{list-style:initial}.content ol{list-style:decimal}.content a:not(.button){color:var(--theme)}::placeholder{font-size:1rem}svg.icon_sort{fill:var(--light);height:0.7rem;width:0.7rem;display:inline-block;margin-left:auto;vertical-align:middle}canvas{margin:2.5rem auto 0 auto;max-width:450px !important;max-height:450px !important}footer{min-height:150px}del{opacity:0.5}#toTop{background:transparent;outline:0.5rem solid transparent;height:2rem;width:2rem;cursor:pointer;padding:0.5rem;display:flex;align-items:center;justify-content:center;position:fixed;right:0;bottom:2.25rem;transform:rotate(45deg) translate(5rem);opacity:0;transition:opacity 0.5s var(--ease),transform 0.25s var(--ease);z-index:5}#toTop.active{right:1.5rem;opacity:1;transform:rotate(45deg) translate(0)}#toTop::after,#toTop::before{position:absolute;display:block;width:1rem;height:1rem;content:"";border-left:1px solid var(--text);border-top:1px solid var(--text)}#toTop::after{width:0.67rem;height:0.67rem;transform:translate(0.1rem, 0.1rem)}.nav{display:grid;grid-gap:1rem;padding:0 1.5rem !important;align-items:center;background-color:var(--bg)}@media screen and (min-width: 992px){.nav{grid-template-columns:10rem 1fr}}.nav_brand{position:relative}.nav_brand picture,.nav_brand 
img{max-width:10rem}.nav_header{position:absolute;top:0;left:0;width:100%;background-color:var(--bg);z-index:999999}.nav_toggle{position:absolute;top:0;bottom:0;width:3rem;display:flex;align-items:center;justify-content:flex-end;text-align:center;right:0;color:var(--text)}@media screen and (min-width: 992px){.nav_toggle{display:none}}.nav_body{display:flex;flex-direction:column;background:var(--accent);position:fixed;left:0;top:0;bottom:0;height:100vh;transition:transform 0.25s var(--ease);transform:translateX(-101vw)}@media screen and (min-width: 992px){.nav_body{transform:translateX(0);position:relative;height:initial;justify-content:flex-end;background:transparent;flex-direction:row}}.nav.show .nav_body{transform:translateX(0);box-shadow:0 1rem 4rem rgba(0,0,0,0.1);background:var(--bg)}.nav.show .nav_body li:first-child{margin:1.5rem 1rem 0.5rem 1rem}.nav-link{display:inline-flex;padding:0.5rem 1rem}.nav-item{display:grid;align-items:center}@media screen and (min-width: 992px){.nav-item .search{margin-right:1.5rem}}.nav_repo picture,.nav_repo img{max-width:1.25rem}.section_title{font-size:1.25rem}.section_link{font-size:1rem;font-weight:400}.sidebar-link{display:grid;padding:0.2rem 0}.toc{border-left:2px solid var(--theme);padding:0 1rem;height:0;overflow:hidden;filter:opacity(0.87)}.toc_item{font-size:0.9rem}.toc_active{height:initial}.search{flex:1;display:flex;justify-content:flex-end;position:relative}.search_field{padding:0.5rem 1.5rem 0.5rem 2.5rem;border-radius:1.5rem;width:13.5rem;outline:none;border:1px solid var(--search-border-color);background:transparent;color:var(--text);box-shadow:0 1rem 4rem rgba(0,0,0,0.17);font-size:1rem}.search_field:hover,.search_field:focus{background:var(--search-bg)}.search_label{width:1rem;height:1rem;position:absolute;left:0.33rem;top:0.25rem;opacity:0.33}.search_label svg{width:100%;height:100%;fill:var(--text)}.search_result{padding:0.5rem 
1rem}.search_result:not(.passive):hover{background-color:var(--theme);color:var(--light)}.search_result.passive{display:grid}.search_results{width:13.5rem;background-color:var(--overlay);border-radius:0 0 0.25rem 0.25rem;box-shadow:0 1rem 4rem rgba(0,0,0,0.17);position:absolute;top:125%;display:grid;overflow:hidden;z-index:5}.search_results:empty{display:none}.search_title{padding:0.5rem 1rem 0.5rem 1rem;background:var(--theme);color:var(--light);font-size:0.9rem;opacity:0.87;text-transform:uppercase}.button{background-color:var(--theme);color:var(--light);border-radius:0.25rem;display:inline-block;padding:0.75rem 1.25rem;text-align:center}.button:hover{opacity:0.84}.button+.button{background-color:var(--haze);color:var(--dark)}.button_grid{display:grid;max-width:15rem;grid-gap:1rem;grid-template-columns:repeat(auto-fit, minmax(12rem, 1fr))}@media screen and (min-width: 557px){.button_grid{max-width:25rem}}.video{overflow:hidden;padding-bottom:56.25%;position:relative;height:0;margin:1.5rem 0;border-radius:0.6rem;background-color:var(--bg);box-shadow:0 1rem 2rem rgba(0,0,0,0.17)}.video iframe{left:0;top:0;height:100%;width:100%;border:none;position:absolute;transform:scale(1.02)}.icon{width:1.1rem;height:1.1rem;display:inline-flex;justify-content:center;align-items:center;margin:0 0.5rem}.link{opacity:0;position:relative}.link_owner:hover .link{opacity:1}.link_yank{opacity:1}.link_yanked{position:absolute;right:-2.2rem;top:-2rem;background-color:var(--theme);color:var(--light);width:7rem;padding:0.25rem 0.5rem;font-size:0.9rem;border-radius:1rem;text-align:center}.link_yanked::after{position:absolute;top:1rem;content:"";border-color:var(--theme) transparent;border-style:solid;border-width:1rem 1rem 0 1rem;height:0;width:0;transform-origin:50% 50%;transform:rotate(145deg);right:0.45rem}.gallery{width:100%;column-count:3;column-gap:1rem}@media screen and (max-width: 667px){.gallery{column-count:2}}.gallery_item{background-color:transparent;margin:0 0 
1rem}.gallery_image{margin:0 auto}.pager{display:flex;justify-content:space-between;align-items:center;padding-top:2rem;margin:2rem 0;max-width:100vw;overflow:hidden}.pager svg{filter:opacity(0.75);width:1.25rem;height:1rem;transform-origin:50% 50%}.pager_lean{justify-content:flex-end}.pager_label{max-width:100%;overflow:hidden;white-space:nowrap;text-overflow:ellipsis}.pager_link{padding:0.5rem 1rem;border-radius:0.25rem;width:12.5rem;max-width:40vw;position:relative;display:flex;align-items:center;text-align:center;justify-content:center}.pager_link::before,.pager_link::after{background-image:var(--next-icon);height:0.8rem;width:0.8rem;background-size:100%;background-repeat:no-repeat;transform-origin:50% 50%}.pager_item{display:flex;flex-direction:column;flex:1;max-width:48%}.pager_item.prev{align-items:flex-start}.pager_item.next{align-items:flex-end}.pager_item.next::after{content:""}.pager_item.prev .pager_link::before{content:"";transform:rotate(180deg);margin-right:0.67rem}.pager_item.next .pager_link::after{content:"";margin-left:0.67rem}.pager_item.next .pager_link{grid-template-columns:1fr 1.5rem}.pager_meta{margin:0.5rem 0}.color_mode{height:1rem;margin-left:1.5rem}.color_choice{outline:none;border:none;-webkit-appearance:none;height:1rem;position:relative;width:1rem;border-radius:1rem;cursor:pointer;z-index:2;right:0;filter:contrast(0.8)}.color_choice::after{content:"";top:0.1rem;bottom:0;left:0;position:absolute;height:0.8rem;background:var(--accent);width:0.8rem;border-radius:0.25rem;z-index:3;transform:scale(1.67);transform-origin:50% 50%;transition:transform 0.5s cubic-bezier(0.19, 1, 0.22, 1);will-change:transform;background-image:var(--sun-icon);background-size:60%;background-repeat:no-repeat;background-position:center}.color_icon{height:1rem;width:1rem;margin:0;z-index:4;position:absolute;transform:translateY(-50%);transition:transform 0.5s cubic-bezier(0.19, 1, 0.22, 1);right:3.5rem}.tip{padding:1.5rem 1rem 1.5rem 1.5rem;margin:1.5rem 
0;border-left:0.2rem solid var(--theme);position:relative;background:var(--accent)}.tip blockquote{padding:0;margin:0;border:none}.tip blockquote::before{display:none}.tip p:first-child,.tip p~p{padding-top:0}.tip p:last-child{padding-bottom:0}.tip_warning{--theme: var(--inline-color)}.tip_warning::before{transform:rotate(180deg)}.tip::before{content:"";position:absolute;left:-0.85rem;top:1.5rem;z-index:3;padding:0.75rem;transform-origin:50% 50%;border-radius:50%;background-color:var(--theme);background-image:var(--info-icon);background-size:12%;background-position:50% 50%;background-repeat:no-repeat}.mermaid{--theme: darkgoldenrod;background-color:transparent !important;margin-bottom:2.5rem}.mermaid svg{margin:0 auto;display:block}.mermaid .actor,.mermaid .labelBox,.mermaid .classGroup rect{fill:var(--theme) !important;stroke:var(--theme) !important}.mermaid .messageText,.mermaid tspan,.mermaid text{fill:var(--text) !important;stroke:var(--text) !important}.mermaid .messageLine0,.mermaid .loopLine{stroke:var(--theme) !important;fill:var(--theme) !important}.post{margin:0 auto;width:100%}.post p,.post h1,.post h2,.post h3,.post h4,.post h5,.post h6,.post blockquote,.post ol,.post ul,.post .highlight_wrap,.post hr{max-width:840px !important;margin-left:auto;margin-right:auto}@media screen and (min-width: 1025px){.post img:not(.icon){display:block;width:100vw;max-width:1024px;margin-left:auto;margin-right:auto}}.post h2,.post h3,.post h4{margin:0.5rem auto;text-align:left;padding:5px 0 0 0}.post p{padding-bottom:0.5rem;padding-top:0.5rem;font-size:1.05rem}.posts{display:flex;justify-content:space-between;flex-flow:row wrap;width:100%;align-items:stretch}.posts:not(.aside){padding:0 30px}.post ol{padding:1rem 1.25rem}.post_body img{width:100%;max-width:100%}.post_inner a{color:var(--theme);transition:all 0.3s}.post_inner a:hover{opacity:0.8;text-decoration:underline}.post_inner img:not(.icon){margin-bottom:2rem;box-shadow:0 1.5rem 1rem -1rem 
rgba(0,0,0,0.25)}.post_inner img:not(.icon)~h1,.post_inner img:not(.icon)~h2,.post_inner img:not(.icon)~h3,.post_inner img:not(.icon)~h4{margin-top:0;padding-top:0}.post .icon{margin-top:0;margin-bottom:0}.post_date{color:var(--theme)}.post_copy{opacity:0;transition:opacity 0.3s ease-out}.post_item{box-shadow:0 0 3rem rgba(0,0,0,0.17);margin:1.25rem 0;border-radius:10px;overflow:hidden;width:100%}.post_item:hover{box-shadow:0 0 5rem rgba(0,0,0,0.255)}@media screen and (min-width: 667px){.post_item{width:47%}}.post_item:hover .post_copy{opacity:1}.post_link{padding:2.5px 0;font-size:1.25em;margin:2.5px 0;text-align:left}.post_meta{overflow:hidden;opacity:0.8;font-size:0.84rem;font-weight:500;display:inline-grid;grid-template-columns:auto 1fr;background-color:var(--light);padding:0;align-items:center;border-radius:0.3rem;color:var(--dark);text-transform:capitalize}.post_meta a:hover{color:var(--theme);text-decoration:underline;opacity:0.9}.post_extra{display:flex;justify-content:flex-end}.post_tag{font-size:0.75rem !important;font-weight:500;background:var(--theme);color:var(--light);padding:0.25rem 0.67rem !important;text-transform:uppercase;display:inline-flex;border-radius:5px}.post_title{margin:1.75rem 0 1rem}.post_time{background:var(--theme);display:inline-grid;padding:0.2rem 0.75rem;color:var(--light)}.post_thumbnail{width:100%;margin:0}.post_nav{padding:3rem 1.5rem;display:grid;margin:2.25rem auto 1rem;text-align:center;color:var(--theme);text-transform:uppercase}.post_nav,.post_nav span{position:relative;z-index:3}.post_nav::before{content:"";position:absolute;background:var(--accent);top:0;left:0;bottom:0;right:0;z-index:1;border-radius:1rem}.post_next{display:inline-grid;margin:0 auto;width:10rem;grid-template-columns:1fr 1.33rem}.post_next::after{content:"";background-image:var(--next-icon-path);background-repeat:repeat no-repeat;background-size:0.8rem;background-position:center right}.excerpt{padding:0 10px 1.5rem 
10px;position:relative;z-index:1}.excerpt_meta{display:flex;justify-content:space-between;align-items:center;transform:translateY(-2.5rem);position:relative;z-index:5}.archive_item{display:grid;padding:1.5rem 0}.archive_title{margin:0}.article{box-shadow:0 0.5rem 2rem rgba(0,0,0,0.12);overflow:hidden;border-radius:0.5rem}.article_title{margin:0}.article_excerpt{transition:height 0.5s, opacity 0.5s}.article_excerpt:not(.visible){height:0;opacity:0}.article_excerpt,.article_meta{transform-origin:bottom}.article_meta{padding:10px 1.25rem 1.25rem;color:var(--text);position:relative;z-index:2;transition:margin-top 0.5s;background:var(--bg)}.article_meta.center_y{transform-origin:center;transition:transform 0.5s;display:flex;flex-direction:column;justify-content:center}@media screen and (min-width: 42rem){.article_meta.center_y{left:-2rem}}.article_thumb{display:grid;position:relative;z-index:0;overflow:hidden;height:15rem;background-size:cover;background-position:50% 50%}@media screen and (min-width: 35rem){.article_thumb{height:22.5rem}}.article_thumb img{transition:transform 0.5s, opacity 0.5s}.article_thumb::after{content:'';position:absolute;top:0;left:0;width:100%;bottom:0;z-index:1;background:var(--bg);opacity:0;transition:opacity 0.1s ease-out}.article_showcase .article_thumb{height:15rem}.article_showcase .article_meta{padding-top:1.5rem}.article:hover .article_thumb img{transform:scale(1.1)}.article:hover .article_thumb::after{transition:opacity 0.1s ease-out;opacity:0.5}.article:hover .article_excerpt:not(.visible){height:75px;opacity:1}.article:hover .article_meta:not(.center_y){margin-top:-75px}@media screen and (min-width: 769px){.article:hover .article_meta.center_y{transform:translateX(-3rem)}}.article:hover{box-shadow:0 1.5rem 6rem rgba(0,0,0,0.17)}.article:hover a{color:initial !important}.article_hidden{display:none}.wrap{max-width:1240px}@media screen and (min-width: 1640px){.wrap{max-width:1600px}}.wrap,.wrap{width:100%;padding:0 25px;margin:0 
auto}.pt-1{padding-top:1.5rem}.pb-1{padding-bottom:1.5rem}.mt-1{margin-top:1.5rem}.mb-1{margin-bottom:1.5rem}.pt-2{padding-top:3rem}.pb-2{padding-bottom:3rem}.mt-2{margin-top:3rem}.mb-2{margin-bottom:3rem}.pt-3{padding-top:4.5rem}.pb-3{padding-bottom:4.5rem}.mt-3{margin-top:4.5rem}.mb-3{margin-bottom:4.5rem}.pt-4{padding-top:6rem}.pb-4{padding-bottom:6rem}.mt-4{margin-top:6rem}.mb-4{margin-bottom:6rem}.grid-2,.grid-3,.grid-4,.grid-auto,.grid-reverse{display:grid;grid-template-columns:1fr}[class*='grid-']{grid-gap:2rem}@media screen and (min-width: 42rem){.grid-auto{grid-template-columns:2fr 5fr}.grid-reverse{grid-template-columns:3fr 1fr}.grid-2{grid-template-columns:repeat(2, 1fr)}.grid-3{grid-template-columns:repeat(auto-fit, minmax(15rem, 1fr))}.grid-4{grid-template-columns:repeat(auto-fit, minmax(12rem, 1fr))}}.active{color:var(--theme)}.is{background:var(--theme);color:var(--light)}.toggle svg{fill:var(--text);display:inline-block;transform-origin:50% 50%;transform:scale(1.2);cursor:pointer;margin:0}.scrollable{width:100%;overflow-x:hidden;max-width:calc(100vw - 48px)}@media screen and (min-width: 768px){.scrollable{max-width:100%}}.scrollable:hover{overflow-x:auto}.chart{display:grid;grid-gap:1.5rem;max-width:98vw !important;max-height:98vw !important}.link{display:inline-flex;align-items:center;width:2.5rem;margin:0 0.25rem;padding:0 0.25rem;opacity:0;transition:opacity 0.3s cubic-bezier(0.39, 0.575, 0.565, 1)}.link svg,.link img{width:1.5rem;height:1.5rem;fill:var(--theme)}.link_owner:hover .link{opacity:0.9}.copy{cursor:pointer}@keyframes pulse{0%{opacity:1}75%{opacity:0.1}100%{opacity:1}}code{font-size:15px;font-weight:400;overflow-y:hidden;display:block;font-family:'Monaco', monospace;word-break:break-all}code.noClass{color:var(--inline-color);display:inline;line-break:anywhere}.windows .highlight{overflow-x:hidden}.windows .highlight:hover{overflow-x:auto}.highlight{display:grid;width:100%;border-radius:0 0.2rem 0.2rem 
0;overflow-x:auto;position:relative}.highlight_wrap{display:grid;background:var(--code-bg) !important;border-radius:0.5rem;position:relative;padding:0 1rem;margin:1.5rem auto 1rem auto}.highlight_wrap .highlight_wrap{margin:0;padding:0}.highlight_wrap+.highlight_wrap{margin-top:2.25rem}.highlight_wrap:hover>div{opacity:1}.highlight_wrap .lang{position:absolute;top:0;right:0;text-align:right;width:7.5rem;padding:0.5rem 1rem;font-style:italic;text-transform:uppercase;font-size:67%;opacity:0.5;color:var(--text)}.highlight_wrap:hover .lang{opacity:0.1}.highlight .highlight{margin:0}.highlight pre{color:var(--text) !important;border-radius:4px;font-family:'Monaco', monospace;padding-top:1.5rem;padding-bottom:2rem}.highlight table{display:grid;max-width:100%;margin-bottom:0;background:transparent}.highlight td,.highlight th{padding:0}.highlight .lntd{width:100%;border:none}.highlight .lntd:first-child,.highlight .lntd:first-child pre{width:2.5rem !important;padding-left:0;padding-right:0;color:rgba(255,255,255,0.5);user-select:none}.highlight .lntd:first-child pre{width:100%;display:flex;align-items:center;flex-direction:column}.err{color:#a61717}.hl{width:100%;background:var(--inline-color)}.ln,.lnt{margin-right:0.75rem;padding:0;transition:opacity 0.3s var(--ease)}.ln,.ln span,.lnt,.lnt 
span{color:var(--text);opacity:0.5;user-select:none}.k,.kc,.kd,.kn,.kp,.kr,.kt,.nt{color:#6ab825;font-weight:500}.kn,.kp{font-weight:400}.nb,.no,.nv{color:#24909d}.nc,.nf,.nn{color:#447fcf}.s,.sa,.sb,.sc,.dl,.sd,.s2,.se,.sh,.si,.sx,.sr,.s1,.ss{color:#ed9d13}.m,.mb,.mf,.mh,.mi,.il,.mo{color:#3677a9}.ow{color:#6ab825;font-weight:500}.c,.ch,.cm,.c1{color:#999;font-style:italic}.cs{color:#e50808;background-color:#520000;font-weight:500}.cp,.cpf{color:#cd2828;font-weight:500}.gd,.gr{color:#d22323}.ge{font-style:italic}.gh,.gu,.nd,.na,.ne{color:#ffa500;font-weight:500}.gi{color:#589819}.go{color:#ccc}.gp{color:#aaa}.gs{font-weight:500}.gt{color:#d22323}.w{color:#666}.hljs-string{color:#6ab825}.hljs-attr{color:#ed9d13}.p .hljs-attr{color:var(--light)}.pre_wrap{white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word}.pre_nolines.ln{display:none}.panel_box{display:inline-flex;perspective:300px;grid-gap:1rem;transition:opacity 0.3s var(--easing);background:var(--code-bg);padding:0.5rem 1.5rem;border-radius:2rem;align-items:center;position:absolute;right:0rem;top:-2.1rem;opacity:0}.panel_icon{display:inline-flex;align-items:center;justify-content:center;cursor:pointer;padding:0.1rem;transform-origin:50% 50%;margin:0}.panel_icon.active{animation:pulse 0.1s linear}.panel_icon svg{fill:var(--text);width:1.5rem;height:1.5rem}.panel_hide{display:none}.panel_from{position:absolute;color:var(--theme);bottom:0;font-size:1.5rem;font-weight:500;padding:0.5rem 0;cursor:pointer;letter-spacing:0.1px;z-index:19}.panel_expanded .panel_from{display:none}.shell{position:relative}.shell::before{content:"$";position:relative;margin-right:0.36rem}.line-flex{display:flex}@font-face{font-family:'Metropolis';font-style:normal;font-weight:400;src:local("Metropolis Regular"),local("Metropolis-Regular"),url("../fonts/Metropolis-Regular.woff2") format("woff2"),url("../fonts/Metropolis-Regular.woff") 
format("woff");font-display:swap}@font-face{font-family:'Metropolis';font-style:normal;font-weight:300;src:local("Metropolis Light"),local("Metropolis-Light"),url("../fonts/Metropolis-Light.woff2") format("woff2"),url("../fonts/Metropolis-Light.woff") format("woff");font-display:swap}@font-face{font-family:'Metropolis';font-style:italic;font-weight:300;src:local("Metropolis Light Italic"),local("Metropolis-LightItalic"),url("../fonts/Metropolis-LightItalic.woff2") format("woff2"),url("../fonts/Metropolis-LightItalic.woff") format("woff");font-display:swap}@font-face{font-family:'Metropolis';font-style:normal;font-weight:500;src:local("Metropolis Medium"),local("Metropolis-Medium"),url("../fonts/Metropolis-Medium.woff2") format("woff2"),url("../fonts/Metropolis-Medium.woff") format("woff");font-display:swap}@font-face{font-family:'Metropolis';font-style:italic;font-weight:500;src:local("Metropolis Medium Italic"),local("Metropolis-MediumItalic"),url("../fonts/Metropolis-MediumItalic.woff2") format("woff2"),url("../fonts/Metropolis-MediumItalic.woff") format("woff");font-display:swap}@font-face{font-family:'Cookie';font-style:normal;font-weight:400;src:local("Cookie-Regular"),url("../fonts/cookie-v10-latin-regular.woff2") format("woff2"),url("../fonts/cookie-v10-latin-regular.woff") format("woff");font-display:swap}@keyframes chartjs-render-animation{0%{opacity:.99}100%{opacity:1}}.chartjs-render-monitor{animation:chartjs-render-animation 1ms}.chartjs-size-monitor,.chartjs-size-monitor-expand,.chartjs-size-monitor-shrink{position:absolute;direction:ltr;left:0;top:0;right:0;bottom:0;overflow:hidden;pointer-events:none;visibility:hidden;z-index:-1}.chartjs-size-monitor-expand>div{position:absolute;width:1000000px;height:1000000px;left:0;top:0}.chartjs-size-monitor-shrink>div{position:absolute;width:200%;height:200%;left:0;top:0} /*# sourceMappingURL=styles.css.map */ \ No newline at end of file 
diff --git a/bootloaders.io/resources/_gen/assets/sass/sass/main.sass_ae9eb86df8175869edaecf50caadd93b.json b/bootloaders.io/resources/_gen/assets/sass/sass/main.sass_ae9eb86df8175869edaecf50caadd93b.json index a312d9a..b4a7743 100644 --- a/bootloaders.io/resources/_gen/assets/sass/sass/main.sass_ae9eb86df8175869edaecf50caadd93b.json +++ b/bootloaders.io/resources/_gen/assets/sass/sass/main.sass_ae9eb86df8175869edaecf50caadd93b.json @@ -1 +1 @@ -{"Target":"css/styles.bef9c1b1c11fb8b6fb5da477eae37bd24d99edaddfdf719c56cfed4901905318a2230b644ca9d7902ae919f1248f46b9afbbcbe47b67da8703cdab6afd5bb8f9.css","MediaType":"text/css","Data":{"Integrity":"sha512-vvnBscEfuLb7XaR36uN70k2Z7a3f33GcVs/tSQGQUxiiIwtkTKnXkCrpGfEkj0a5r7vL5Htn2ocDzatq/Vu4+Q=="}} \ No newline at end of file +{"Target":"css/styles.5e28a48c17aeefa16ec0f8a3990638bcf0812cd157872aaa28e5c9ef0d67265f69fd0161a3224e71f035fac9965497f0077eab5fb09ac3601315b16eb6505c0b.css","MediaType":"text/css","Data":{"Integrity":"sha512-XiikjBeu76FuwPijmQY4vPCBLNFXhyqqKOXJ7w1nJl9p/QFhoyJOcfA1+smWVJfwB36rX7Caw2ATFbFutlBcCw=="}} \ No newline at end of file